summaryrefslogtreecommitdiffstats
path: root/net/arpwatch-devel
diff options
context:
space:
mode:
authorkrion <krion@FreeBSD.org>2004-01-19 23:34:48 +0000
committerkrion <krion@FreeBSD.org>2004-01-19 23:34:48 +0000
commitf0c1695c149262361ff6b3097929d82da077b807 (patch)
treedd912a14002c94e665abd3cb9d12c1b04f4a57bb /net/arpwatch-devel
parentede077dd8c6eaa76b4e2d10c1d311e569993d30b (diff)
downloadFreeBSD-ports-f0c1695c149262361ff6b3097929d82da077b807.zip
FreeBSD-ports-f0c1695c149262361ff6b3097929d82da077b807.tar.gz
This is a development fork of arpwatch. This has been
threaded in order to better deal with the requirements of multi-interface routers. Information regarding MAC addresses and interfaces is maintained by the program, and an alert is issued should a device move between interfaces. In addition, event processing has been refactored, and some bugs have been fixed. PR: 59180 Submitted by: Matthew George <mdg@secureworks.net> Approved by: portmgr
Diffstat (limited to 'net/arpwatch-devel')
-rw-r--r--net/arpwatch-devel/Makefile19
-rw-r--r--net/arpwatch-devel/files/arpwatch.sh15
-rw-r--r--net/arpwatch-devel/files/patch-aa22
-rw-r--r--net/arpwatch-devel/files/patch-ab47
-rw-r--r--net/arpwatch-devel/files/patch-ac67
-rw-r--r--net/arpwatch-devel/files/patch-ad101
-rw-r--r--net/arpwatch-devel/files/patch-ae336
-rw-r--r--net/arpwatch-devel/files/patch-af33
-rw-r--r--net/arpwatch-devel/files/patch-ag51
-rw-r--r--net/arpwatch-devel/files/patch-ah85
-rw-r--r--net/arpwatch-devel/files/patch-ai304
-rw-r--r--net/arpwatch-devel/files/patch-aj50
-rw-r--r--net/arpwatch-devel/files/patch-ak42
-rw-r--r--net/arpwatch-devel/files/patch-al26
-rw-r--r--net/arpwatch-devel/files/patch-am9
-rw-r--r--net/arpwatch-devel/files/patch-an126
-rw-r--r--net/arpwatch-devel/files/patch-ao20
-rw-r--r--net/arpwatch-devel/files/patch-ap78
-rw-r--r--net/arpwatch-devel/files/patch-aq12
-rw-r--r--net/arpwatch-devel/pkg-descr27
-rw-r--r--net/arpwatch-devel/pkg-plist2
21 files changed, 1202 insertions, 270 deletions
diff --git a/net/arpwatch-devel/Makefile b/net/arpwatch-devel/Makefile
index d98e743..af4c466 100644
--- a/net/arpwatch-devel/Makefile
+++ b/net/arpwatch-devel/Makefile
@@ -1,19 +1,19 @@
-# New ports collection makefile for: arpwatch
-# Date created: March 24 1997
-# Whom: Brian Somers <brian@FreeBSD.org>
+# New ports collection makefile for: arpwatch-devel
+# Date created: 11 November 2003
+# Whom: Matthew George <mdg@secureworks.net>
#
# $FreeBSD$
#
PORTNAME= arpwatch
PORTVERSION= 2.1.a11
-PORTREVISION= 3
CATEGORIES= net
MASTER_SITES= http://www.Awfulhak.org/arpwatch/ \
ftp://ftp.ee.lbl.gov/
+PKGNAMESUFFIX= -devel
DISTNAME= arpwatch-2.1a11
-MAINTAINER= krion@FreeBSD.org
+MAINTAINER= mdg@secureworks.net
COMMENT= Monitor arp & rarp requests
GNU_CONFIGURE= yes
@@ -30,13 +30,12 @@ post-install:
fi
${TOUCH} ${PREFIX}/arpwatch/arp.dat
${CHMOD} 644 ${PREFIX}/arpwatch/arp.dat
+ ${TOUCH} ${PREFIX}/arpwatch/ether.dat
+ ${CHMOD} 644 ${PREFIX}/arpwatch/ether.dat
for file in ethercodes.dat d.awk e.awk p.awk; do \
- ${INSTALL_DATA} ${WRKSRC}/$$file ${PREFIX}/arpwatch; \
+ ${INSTALL_DATA} ${WRKSRC}/$$file ${PREFIX}/arpwatch/.; \
done
- ${INSTALL_SCRIPT} ${WRKSRC}/arp2ethers ${PREFIX}/arpwatch
+ ${INSTALL_SCRIPT} ${WRKSRC}/arp2ethers ${PREFIX}/arpwatch/.
${INSTALL_SCRIPT} ${FILESDIR}/arpwatch.sh ${PREFIX}/etc/rc.d/arpwatch.sh.sample
- @${ECHO_MSG} "#####################################################################"
- @${ECHO_MSG} "Installing ${PREFIX}/etc/rc.d/arpwatch.sh.sample file."
- @${ECHO_MSG} "#####################################################################"
.include <bsd.port.mk>
diff --git a/net/arpwatch-devel/files/arpwatch.sh b/net/arpwatch-devel/files/arpwatch.sh
index 92035b9..acf4678 100644
--- a/net/arpwatch-devel/files/arpwatch.sh
+++ b/net/arpwatch-devel/files/arpwatch.sh
@@ -21,22 +21,29 @@ case $1 in
start)
if [ ! -e "$PREFIX"/arpwatch/arp.dat ]; then
if [ -e "$PREFIX"/arpwatch/arp.dat- ]; then
- cp "$PREFIX"/arpwatch/arp.dat- "$PREFIX"/arpwatch/arp.dat
+ cp "$PREFIX"/arpwatch/arp.dat- "$PREFIX"/arpwatch/arp.dat
else
touch "$PREFIX"/arpwatch/arp.dat
fi
fi
+ if [ ! -e "$PREFIX"/arpwatch/ether.dat ]; then
+ if [ -e "$PREFIX"/arpwatch/ether.dat- ]; then
+ cp "$PREFIX"/arpwatch/ether.dat- "$PREFIX"/arpwatch/ether.dat
+ else
+ touch "$PREFIX"/arpwatch/ether.dat
+ fi
+ fi
+
case ${arpwatch_interfaces} in
'')
if [ -x "$PREFIX"/sbin/arpwatch -a -d "$PREFIX"/arpwatch ]; then
- "$PREFIX"/sbin/arpwatch && echo -n ' arpwatch'
+ "$PREFIX"/sbin/arpwatch ${arpwatch_flags} && echo -n ' arpwatch'
fi
;;
*)
for interface in ${arpwatch_interfaces}; do
- touch "$PREFIX"/arpwatch/arp.${interface}.dat
- "$PREFIX"/sbin/arpwatch -i "${interface}" -f arp.${interface}.dat && echo -n " arpwatch(${interface})"
+ "$PREFIX"/sbin/arpwatch -i "${interface}" && echo -n " arpwatch(${interface})"
done
;;
esac
diff --git a/net/arpwatch-devel/files/patch-aa b/net/arpwatch-devel/files/patch-aa
new file mode 100644
index 0000000..cc73ec7
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-aa
@@ -0,0 +1,22 @@
+--- ../arpwatch.orig/Makefile.in Wed Jun 14 20:39:55 2000
++++ ./Makefile.in Mon Sep 15 14:31:33 2003
+@@ -45,7 +45,7 @@
+ PROG = arpwatch
+ CCOPT = @V_CCOPT@
+ INCLS = -I. @V_INCLS@
+-DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
++DEFS = @DEFS@ -pthread -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
+
+ # Standard CFLAGS
+ CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
+@@ -110,8 +110,8 @@
+ $(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
+
+ install: force
+- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
+- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
++ $(INSTALL) -s -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
++ $(INSTALL) -s -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
+
+ install-man: force
+ $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
diff --git a/net/arpwatch-devel/files/patch-ab b/net/arpwatch-devel/files/patch-ab
index 76cbc81..883cc7d 100644
--- a/net/arpwatch-devel/files/patch-ab
+++ b/net/arpwatch-devel/files/patch-ab
@@ -1,22 +1,25 @@
---- Makefile.in.orig Wed Jul 29 06:16:45 1998
-+++ Makefile.in Fri Aug 21 10:57:51 1998
-@@ -44,7 +44,7 @@
- CC = @CC@
- CCOPT = @V_CCOPT@
- INCLS = -I. @V_INCLS@
--DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
-+DEFS = @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
-
- # Standard CFLAGS
- CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
-@@ -109,8 +109,8 @@
- $(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
-
- install: force
-- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
-- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
-+ $(INSTALL) -s -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
-+ $(INSTALL) -s -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
-
- install-man: force
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
+--- ../arpwatch.orig/arpsnmp.8 Sun Sep 17 16:34:48 2000
++++ ./arpsnmp.8 Fri Sep 5 14:46:55 2003
+@@ -30,6 +30,9 @@
+ ] [
+ .B -f
+ .I datafile
++] [
++.B -m
++.I email
+ ]
+ .I file
+ [
+@@ -54,6 +57,12 @@
+ flag is used to set the ethernet/ip address database filename.
+ The default is
+ .IR arp.dat .
++.LP
++The
++.B -m
++flag specifies the address that will receive the emails.
++The default is
++.IR root .
+ .LP
+ Note that an empty
+ .I arp.dat
diff --git a/net/arpwatch-devel/files/patch-ac b/net/arpwatch-devel/files/patch-ac
new file mode 100644
index 0000000..b15e941
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-ac
@@ -0,0 +1,67 @@
+--- ../arpwatch.orig/arpsnmp.c Sun Jan 17 20:47:40 1999
++++ ./arpsnmp.c Mon Sep 15 14:31:33 2003
+@@ -63,14 +63,17 @@
+ /* Forwards */
+ int main(int, char **);
+ int readsnmp(char *);
+-int snmp_add(u_int32_t, u_char *, time_t, char *);
++int snmp_add(u_int32_t, u_char *, time_t, char *, char *);
+ __dead void usage(void) __attribute__((volatile));
+
+ char *prog;
+
++char *Watcher;
++
+ extern int optind;
+ extern int opterr;
+ extern char *optarg;
++char *interface = NULL;
+
+ int
+ main(int argc, char **argv)
+@@ -90,7 +93,7 @@
+ }
+
+ opterr = 0;
+- while ((op = getopt(argc, argv, "df:")) != EOF)
++ while ((op = getopt(argc, argv, "df:m:")) != EOF)
+ switch (op) {
+
+ case 'd':
+@@ -105,6 +108,10 @@
+ arpfile = optarg;
+ break;
+
++ case 'm':
++ Watcher = optarg;
++ break;
++
+ default:
+ usage();
+ }
+@@ -138,7 +145,7 @@
+ static time_t now;
+
+ int
+-snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
++snmp_add(register u_int32_t a, register u_char *e, time_t t, register char *h, register char *i)
+ {
+ /* Watch for ethernet broadcast */
+ if (MEMCMP(e, zero, 6) == 0 || MEMCMP(e, allones, 6) == 0) {
+@@ -153,7 +160,7 @@
+ }
+
+ /* Use current time (although it would be nice to subtract idle time) */
+- return (ent_add(a, e, now, h));
++ return (ent_add(a, e, now, h, interface));
+ }
+
+ /* Process an snmp file */
+@@ -184,6 +191,6 @@
+
+ (void)fprintf(stderr, "Version %s\n", version);
+ (void)fprintf(stderr,
+- "usage: %s [-d] [-f datafile] file [...]\n", prog);
++ "usage: %s [-d] [-f datafile] [-m email] file [...]\n", prog);
+ exit(1);
+ }
diff --git a/net/arpwatch-devel/files/patch-ad b/net/arpwatch-devel/files/patch-ad
new file mode 100644
index 0000000..7518ae6
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-ad
@@ -0,0 +1,101 @@
+--- ../arpwatch-2.1a11/arpwatch.8 Sun Oct 8 16:31:28 2000
++++ ./arpwatch.8 Mon Sep 15 17:30:45 2003
+@@ -30,7 +30,10 @@
+ .B -dN
+ ] [
+ .B -f
+-.I datafile
++.I arpfile
++] [
++.B -e
++.I etherfile
+ ] [
+ .B -i
+ .I interface
+@@ -38,6 +41,9 @@
+ .br
+ .ti +8
+ [
++.B -m
++.I email
++] [
+ .B -n
+ .IR net [/ width
+ ]] [
+@@ -67,8 +73,24 @@
+ .IR arp.dat .
+ .LP
+ The
++.B -e
++flag is used to set the ethernet/interface database filename.
++The default is
++.IR ether.dat .
++.LP
++The
++.B -i
++flag is used to specify a single interface. By default,
++.B arpwatch
++will listen to all non-loopback interfaces. Using more than one
+ .B -i
+-flag is used to override the default interface.
++option on the same command line is not supported.
++.LP
++The
++.B -m
++flag specifies the address that will receive the emails.
++The default is
++.IR root .
+ .LP
+ The
+ .B -n
+@@ -81,6 +103,8 @@
+ The
+ .B -N
+ flag disables reporting any bogons.
++It is highly recommended that this flag be used on machines with
++multiple interfaces.
+ .LP
+ The
+ .B -r
+@@ -96,6 +120,8 @@
+ .LP
+ Note that an empty
+ .I arp.dat
++and
++.I ether.dat
+ file must be created before the first time you run
+ .BR arpwatch .
+ .LP
+@@ -105,12 +131,19 @@
+ (and
+ .BR arpsnmp (1)):
+ .TP
++.B "new ethernet device"
++The ethernet address has not been seen before.
++.TP
++.B "ethernet device changed interfaces"
++An ethernet address associated with one interface has moved to a
++different interface.
++.TP
+ .B "new activity"
+ This ethernet/ip address pair has been used for the first time six
+ months or more.
+ .TP
+-.B "new station"
+-The ethernet address has not been seen before.
++.B "new active IP address"
++The IP address has not been seen before.
+ .TP
+ .B "flip flop"
+ The ethernet address has changed from the most recently seen address to
+@@ -152,8 +185,9 @@
+ .na
+ .nh
+ .nf
+-/usr/operator/arpwatch - default directory
++/usr/local/arpwatch - default directory
+ arp.dat - ethernet/ip address database
++ether.dat - ethernet/interface address database
+ ethercodes.dat - vendor ethernet block list
+ .ad
+ .hy
diff --git a/net/arpwatch-devel/files/patch-ae b/net/arpwatch-devel/files/patch-ae
index 3fe876a..41828ff 100644
--- a/net/arpwatch-devel/files/patch-ae
+++ b/net/arpwatch-devel/files/patch-ae
@@ -1,20 +1,316 @@
---- configure.orig Thu Jun 15 01:37:53 2000
-+++ configure Tue Sep 5 02:57:33 2000
-@@ -649,7 +649,7 @@
- :
- fi
-
-- V_CCOPT="-O"
-+# V_CCOPT="-O"
- V_INCLS=""
- if test "${srcdir}" != "." ; then
- V_INCLS="-I\$\(srcdir\)"
-@@ -2599,7 +2599,7 @@
- fi
- V_CCOPT="$V_CCOPT -Wall"
- if test $ac_cv_lbl_gcc_vers -gt 1 ; then
-- V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
-+# V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
- fi
- fi
- else
+--- arpwatch.c.orig Sat Oct 14 04:07:35 2000
++++ arpwatch.c Tue Jan 20 00:22:23 2004
+@@ -36,6 +36,7 @@
+ #include <sys/ioctl.h>
+ #include <sys/socket.h>
+ #include <sys/time.h>
++#include <pthread.h>
+
+ #if __STDC__
+ struct mbuf;
+@@ -107,6 +108,8 @@
+
+ char *prog;
+
++char *Watcher = NULL;
++
+ int can_checkpoint;
+ int swapped;
+ int nobogons;
+@@ -123,6 +126,14 @@
+ static int nets_ind;
+ static int nets_size;
+
++struct aw_threads {
++ char *interface;
++ pthread_t thread;
++};
++
++struct aw_threads *threads = NULL;
++extern pthread_mutex_t mtx_einfo, mtx_ainfo;
++
+ extern int optind;
+ extern int opterr;
+ extern char *optarg;
+@@ -145,14 +156,14 @@
+ main(int argc, char **argv)
+ {
+ register char *cp;
+- register int op, pid, snaplen, timeout, linktype, status;
++ register int op, pid, if_cnt, i;
+ #ifdef TIOCNOTTY
+ register int fd;
+ #endif
+- register pcap_t *pd;
+- register char *interface, *rfilename;
+- struct bpf_program code;
++ register char *rfilename;
+ char errbuf[PCAP_ERRBUF_SIZE];
++ pcap_if_t *adp, *alldevsp = NULL;
++ char *interface = NULL;
+
+ if (argv[0] == NULL)
+ prog = "arpwatch";
+@@ -167,10 +178,8 @@
+ }
+
+ opterr = 0;
+- interface = NULL;
+ rfilename = NULL;
+- pd = NULL;
+- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
++ while ((op = getopt(argc, argv, "de:f:i:m:n:Nr:")) != EOF)
+ switch (op) {
+
+ case 'd':
+@@ -181,6 +190,10 @@
+ #endif
+ break;
+
++ case 'e':
++ etherfile = optarg;
++ break;
++
+ case 'f':
+ arpfile = optarg;
+ break;
+@@ -202,6 +215,10 @@
+ rfilename = optarg;
+ break;
+
++ case 'm':
++ Watcher = optarg;
++ break;
++
+ default:
+ usage();
+ }
+@@ -213,19 +230,23 @@
+ net = 0;
+ netmask = 0;
+ } else {
+- /* Determine interface if not specified */
+- if (interface == NULL &&
+- (interface = pcap_lookupdev(errbuf)) == NULL) {
+- (void)fprintf(stderr, "%s: lookup_device: %s\n",
+- prog, errbuf);
+- exit(1);
+- }
++ /* if not specified, do all non loopback interfaces */
++ if (interface == NULL) {
+
+- /* Determine network and netmask */
+- if (pcap_lookupnet(interface, &net, &netmask, errbuf) < 0) {
+- (void)fprintf(stderr, "%s: bad interface %s: %s\n",
+- prog, interface, errbuf);
+- exit(1);
++ pcap_findalldevs(&alldevsp, errbuf);
++ if (alldevsp == NULL) {
++ (void)fprintf(stderr, "no suitable interfaces\n");
++ exit(1);
++ }
++
++ if_cnt = 0;
++ for(adp = alldevsp; adp != NULL; adp = adp->next) {
++ if (adp->flags != PCAP_IF_LOOPBACK)
++ ++if_cnt;
++ }
++
++ } else {
++ if_cnt = 1;
+ }
+
+ /* Drop into the background if not debugging */
+@@ -238,7 +259,7 @@
+ exit(0);
+ (void)close(fileno(stdin));
+ (void)close(fileno(stdout));
+- (void)close(fileno(stderr));
++
+ #ifdef TIOCNOTTY
+ fd = open("/dev/tty", O_RDWR);
+ if (fd >= 0) {
+@@ -251,12 +272,82 @@
+ }
+ }
+
+- openlog(prog, 0, LOG_DAEMON);
++ if (debug)
++ openlog(prog, LOG_PERROR, LOG_DAEMON);
++ else
++ openlog(prog, 0, LOG_DAEMON);
+
+ if (chdir(arpdir) < 0) {
+ syslog(LOG_ERR, "chdir(%s): %m", arpdir);
+ syslog(LOG_ERR, "(using current working directory)");
+ }
++ /* Read in database */
++ initializing = 1;
++ if (!readdata())
++ exit(1);
++ sorteinfo();
++#ifdef DEBUG
++ if (debug > 2) {
++ debugdump();
++ exit(0);
++ }
++#endif
++ initializing = 0;
++
++ (void)setsignal(SIGINT, die);
++ (void)setsignal(SIGTERM, die);
++ (void)setsignal(SIGHUP, die);
++ if (rfilename == NULL) {
++ (void)setsignal(SIGQUIT, checkpoint);
++ (void)setsignal(SIGALRM, checkpoint);
++ (void)alarm(CHECKPOINT);
++ }
++
++ threads = (struct aw_threads *) malloc(sizeof(struct aw_threads) * (if_cnt + 1));
++ memset((char *)threads, 0, sizeof(*threads) * (if_cnt + 1));
++ pthread_mutex_init(&mtx_einfo, NULL);
++ pthread_mutex_init(&mtx_ainfo, NULL);
++
++ if (interface != NULL)
++ {
++ threads[0].interface = interface;
++ pthread_create(&threads[0].thread, NULL, (void *)pcap_thread, interface);
++ }
++ else
++ {
++ i = 0;
++
++ for (adp = alldevsp; adp != NULL; adp = adp->next)
++ if (adp->flags != PCAP_IF_LOOPBACK)
++ {
++ threads[i].interface = adp->name;
++ pthread_create(&threads[i++].thread, NULL, (void *)pcap_thread, adp->name);
++ }
++ }
++
++ for (i=0; i < if_cnt; i++)
++ pthread_join(threads[i].thread, NULL);
++
++ if (!dump())
++ exit(1);
++ exit(0);
++}
++
++int
++pcap_thread(char *interface)
++{
++ register char *rfilename = NULL;
++ char errbuf[PCAP_ERRBUF_SIZE];
++ register pcap_t *pd = NULL;
++ register int snaplen, timeout, linktype, status;
++ struct bpf_program code;
++
++ /* Determine network and netmask */
++ if (pcap_lookupnet(interface, &net, &netmask, errbuf) < 0) {
++ (void)fprintf(stderr, "%s: bad interface %s: %s\n",
++ prog, interface, errbuf);
++ return(1);
++ }
+
+ if (rfilename != NULL) {
+ pd = pcap_open_offline(rfilename, errbuf);
+@@ -306,27 +397,7 @@
+ if (rfilename == NULL)
+ syslog(LOG_INFO, "listening on %s", interface);
+
+- /* Read in database */
+- initializing = 1;
+- if (!readdata())
+- exit(1);
+- sorteinfo();
+-#ifdef DEBUG
+- if (debug > 2) {
+- debugdump();
+- exit(0);
+- }
+-#endif
+- initializing = 0;
+
+- (void)setsignal(SIGINT, die);
+- (void)setsignal(SIGTERM, die);
+- (void)setsignal(SIGHUP, die);
+- if (rfilename == NULL) {
+- (void)setsignal(SIGQUIT, checkpoint);
+- (void)setsignal(SIGALRM, checkpoint);
+- (void)alarm(CHECKPOINT);
+- }
+
+ switch (linktype) {
+
+@@ -347,9 +418,7 @@
+ exit(1);
+ }
+ pcap_close(pd);
+- if (!dump())
+- exit(1);
+- exit(0);
++ return(0);
+ }
+
+ /* Process an ethernet arp/rarp packet */
+@@ -362,6 +431,8 @@
+ register u_char *sea, *sha;
+ register time_t t;
+ u_int32_t sia;
++ register pthread_t thread_self = NULL;
++ register struct aw_threads *atp = threads;
+
+ eh = (struct ether_header *)p;
+ ea = (struct ether_arp *)(eh + 1);
+@@ -400,9 +471,16 @@
+ /* Got a live one */
+ t = h->ts.tv_sec;
+ can_checkpoint = 0;
+- if (!ent_add(sia, sea, t, NULL))
++ thread_self = pthread_self();
++
++ for (atp = threads; atp != NULL; atp++)
++ if (pthread_equal(atp->thread, thread_self))
++ break;
++
++ if (!ent_add(sia, sea, t, NULL, atp->interface))
+ syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
+ intoa(sia), e2str(sea), t);
++
+ can_checkpoint = 1;
+ }
+
+@@ -507,6 +585,8 @@
+ register u_char *sea, *sha;
+ register time_t t;
+ u_int32_t sia;
++ register pthread_t thread_self = NULL;
++ register struct aw_threads *atp = threads;
+
+ fh = (struct fddi_header *)p;
+ ea = (struct ether_arp *)(fh + 1);
+@@ -549,7 +629,13 @@
+ /* Got a live one */
+ t = h->ts.tv_sec;
+ can_checkpoint = 0;
+- if (!ent_add(sia, sea, t, NULL))
++ thread_self = pthread_self();
++
++ for (atp = threads; atp != NULL; atp++)
++ if (atp->thread == thread_self)
++ break;
++
++ if (!ent_add(sia, sea, t, NULL, atp->interface))
+ syslog(LOG_ERR, "ent_add(%s, %s, %ld) failed",
+ intoa(sia), e2str(sea), t);
+ can_checkpoint = 1;
+@@ -750,7 +836,7 @@
+ extern char version[];
+
+ (void)fprintf(stderr, "Version %s\n", version);
+- (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
+- " [-n net[/width]] [-r file]\n", prog);
++ (void)fprintf(stderr, "usage: %s [-dN] [-f arpfile] [-e etherfile] [-i interface]"
++ " [-m email] [-n net[/width]] [-r file]\n", prog);
+ exit(1);
+ }
diff --git a/net/arpwatch-devel/files/patch-af b/net/arpwatch-devel/files/patch-af
index 0145483..432cc06 100644
--- a/net/arpwatch-devel/files/patch-af
+++ b/net/arpwatch-devel/files/patch-af
@@ -1,17 +1,16 @@
---- ethercodes.dat.orig Thu May 3 21:59:10 2001
-+++ ethercodes.dat Tue Nov 11 10:59:56 2003
-@@ -4419,7 +4419,7 @@
- 0:d0:b4 KATSUJIMA CO., LTD.
- 0:d0:b5 DOTCOM
- 0:d0:b6 CRESCENT NETWORKS, INC.
--0:d0:b7 INTEL CORPOTATION
-+0:d0:b7 INTEL CORPORATION
- 0:d0:b8 IOMEGA CORP.
- 0:d0:b9 MICROTEK INTERNATIONAL, INC.
- 0:d0:ba CISCO SYSTEMS, INC.
-@@ -4964,3 +4964,5 @@
- c0:0:0 Western Digital (may be reversed 00 00 C0?)
- e2:c:f Kingston Technologies
- ec:10:0 Enance Source Co., Ltd. PC clones(?)
-+0:bd:11 VMWare Inc
-+0:bd:fb VMWare Inc
+--- ../arpwatch-2.1a11/arpwatch.h Sat Sep 30 19:40:55 2000
++++ ./arpwatch.h Fri Sep 12 17:01:42 2003
+@@ -1,6 +1,7 @@
+ /* @(#) $Id: arpwatch.h,v 1.29 2000/09/30 23:40:49 leres Exp $ (LBL) */
+
+ #define ARPFILE "arp.dat"
++#define ETHERFILE "ether.dat"
+ #define ETHERCODES "ethercodes.dat"
+ #define CHECKPOINT (15*60) /* Checkpoint time in seconds */
+
+@@ -40,3 +41,5 @@
+ #define SPA(ap) ((ap)->arp_spa)
+ #define TPA(ap) ((ap)->arp_tpa)
+ #endif
++
++int pcap_thread(char *);
diff --git a/net/arpwatch-devel/files/patch-ag b/net/arpwatch-devel/files/patch-ag
index bbd6899..f386153 100644
--- a/net/arpwatch-devel/files/patch-ag
+++ b/net/arpwatch-devel/files/patch-ag
@@ -1,39 +1,14 @@
---- arpwatch.c.orig Thu Feb 22 22:47:29 2001
-+++ arpwatch.c Thu Feb 22 22:47:29 2001
-@@ -107,6 +107,8 @@
-
- char *prog;
-
-+char *Watcher = NULL;
+--- ../arpwatch.orig/configure.in Sat Oct 14 14:19:10 2000
++++ ./configure.in Wed Sep 10 13:08:05 2003
+@@ -170,6 +170,11 @@
+ if test ! -f arp.dat ; then
+ echo 'creating empty arp.dat file'
+ touch arp.dat
++fi
+
- int can_checkpoint;
- int swapped;
- int nobogons;
-@@ -170,7 +172,7 @@
- interface = NULL;
- rfilename = NULL;
- pd = NULL;
-- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
-+ while ((op = getopt(argc, argv, "df:i:m:n:Nr:")) != EOF)
- switch (op) {
-
- case 'd':
-@@ -202,6 +204,10 @@
- rfilename = optarg;
- break;
-
-+ case 'm':
-+ Watcher = optarg;
-+ break;
-+
- default:
- usage();
- }
-@@ -751,6 +757,6 @@
-
- (void)fprintf(stderr, "Version %s\n", version);
- (void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
-- " [-n net[/width]] [-r file]\n", prog);
-+ " [-m email] [-n net[/width]] [-r file]\n", prog);
- exit(1);
- }
++if test ! -f ether.dat ; then
++ echo 'creating empty ether.dat file'
++ touch ether.dat
+ fi
+
+ if test -f .devel ; then
diff --git a/net/arpwatch-devel/files/patch-ah b/net/arpwatch-devel/files/patch-ah
index b292b25..ba79d66 100644
--- a/net/arpwatch-devel/files/patch-ah
+++ b/net/arpwatch-devel/files/patch-ah
@@ -1,55 +1,32 @@
---- report.c.orig Sun Oct 1 00:41:10 2000
-+++ report.c Thu May 16 11:34:33 2002
-@@ -45,6 +45,8 @@
-
- #include <ctype.h>
- #include <errno.h>
-+#include <fcntl.h>
-+#include <paths.h>
- #include <signal.h>
- #include <stdio.h>
- #include <stdlib.h>
-@@ -70,6 +72,8 @@
-
- #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
-
-+extern char *Watcher;
+--- ../arpwatch.orig/configure Wed May 16 14:26:11 2001
++++ ./configure Wed Sep 10 13:08:05 2003
+@@ -649,7 +649,7 @@
+ :
+ fi
+
+- V_CCOPT="-O"
++# V_CCOPT="-O"
+ V_INCLS=""
+ if test "${srcdir}" != "." ; then
+ V_INCLS="-I\$\(srcdir\)"
+@@ -2496,7 +2496,7 @@
+ fi
+ V_CCOPT="$V_CCOPT -Wall"
+ if test $ac_cv_lbl_gcc_vers -gt 1 ; then
+- V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
++# V_CCOPT="$V_CCOPT -Wmissing-prototypes -Wstrict-prototypes"
+ fi
+ fi
+ else
+@@ -3075,6 +3075,11 @@
+ if test ! -f arp.dat ; then
+ echo 'creating empty arp.dat file'
+ touch arp.dat
++fi
+
- static int cdepth; /* number of outstanding children */
-
- static char *fmtdate(time_t);
-@@ -240,7 +244,7 @@
- register FILE *f;
- char tempfile[64], cpu[64], os[64];
- char *fmt = "%20s: %s\n";
-- char *watcher = WATCHER;
-+ char *watcher = Watcher ? Watcher : WATCHER;
- char *watchee = WATCHEE;
- char *sendmail = PATH_SENDMAIL;
- char *unknown = "<unknown>";
-@@ -344,6 +348,25 @@
- exit(1);
- }
- /* XXX Need to freopen()? */
-+
-+ /*
-+ * Open /dev/null as stdout and stderr so that sendmail 8.12.1 (and
-+ * above ?) won't complain about missing file descriptors.
-+ */
-+ if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
-+ syslog(LOG_ERR, "Cannot open %s: %m", _PATH_DEVNULL);
-+ exit(1);
-+ }
-+ if (dup2(fd, STDOUT_FILENO) == -1) {
-+ syslog(LOG_ERR, "Cannot dup2 %s to stdout: %m", _PATH_DEVNULL);
-+ exit(1);
-+ }
-+ if (dup2(fd, STDERR_FILENO) == -1) {
-+ syslog(LOG_ERR, "Cannot dup2 %s to stderr: %m", _PATH_DEVNULL);
-+ exit(1);
-+ }
-+ close(fd);
-+
- /* Always Deliver interactively (pause when child depth gets large) */
- execl(sendmail, "sendmail", "-odi", watcher, NULL);
- syslog(LOG_ERR, "execl: %s: %m", sendmail);
++if test ! -f ether.dat ; then
++ echo 'creating empty ether.dat file'
++ touch ether.dat
+ fi
+
+ if test -f .devel ; then
diff --git a/net/arpwatch-devel/files/patch-ai b/net/arpwatch-devel/files/patch-ai
index ef25122..ae8c0ec 100644
--- a/net/arpwatch-devel/files/patch-ai
+++ b/net/arpwatch-devel/files/patch-ai
@@ -1,39 +1,271 @@
---- arpsnmp.c.orig Mon Jan 18 01:47:40 1999
-+++ arpsnmp.c Thu Feb 22 22:47:29 2001
-@@ -68,6 +68,8 @@
-
- char *prog;
-
-+char *Watcher;
-+
- extern int optind;
- extern int opterr;
- extern char *optarg;
-@@ -90,7 +92,7 @@
+--- ../arpwatch.orig/db.c Sat Sep 30 19:39:58 2000
++++ ./db.c Mon Sep 15 13:17:07 2003
+@@ -41,6 +41,7 @@
+ #include <string.h>
+ #include <syslog.h>
+ #include <unistd.h>
++#include <pthread.h>
+
+ #include "gnuc.h"
+ #ifdef HAVE_OS_PROTO_H
+@@ -54,18 +55,9 @@
+ #include "report.h"
+ #include "util.h"
+
+-#define HASHSIZE (2 << 15)
+-
+ #define NEWACTIVITY_DELTA (6*30*24*60*60) /* 6 months in seconds */
+ #define FLIPFLIP_DELTA (24*60*60) /* 24 hours in seconds */
+
+-/* Ethernet info */
+-struct einfo {
+- u_char e[6]; /* ether address */
+- char h[34]; /* simple hostname */
+- time_t t; /* timestamp */
+-};
+-
+ /* Address info */
+ struct ainfo {
+ u_int32_t a; /* ip address */
+@@ -78,22 +70,69 @@
+ /* Address hash table */
+ static struct ainfo ainfo_table[HASHSIZE];
+
++
++/* Ethernet hash table */
++struct einfo einfo_table[HASHSIZE];
++int et_cnt = 0;
++
+ static void alist_alloc(struct ainfo *);
+ int cmpeinfo(const void *, const void *);
+-static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *);
++static struct einfo *elist_alloc(u_int32_t, u_char *, time_t, char *, char *);
+ static struct ainfo *ainfo_find(u_int32_t);
++static struct einfo *einfo_find(u_char *);
+ static void check_hname(struct ainfo *);
+ struct ainfo *newainfo(void);
+
++pthread_mutex_t mtx_einfo, mtx_ainfo;
++
+ int
+-ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h)
++ent_add(register u_int32_t a, register u_char *e, time_t t, register char *h, register char *interface)
+ {
+ register struct ainfo *ap;
+- register struct einfo *ep;
++ struct einfo *ep;
+ register int i;
+ register u_int len;
+ u_char *e2;
+ time_t t2;
++ register evt_type event = NULL;
++ char *if2 = NULL;
++
++ pthread_mutex_lock(&mtx_einfo);
++
++ /* Lookup ethernet address */
++ ep = einfo_find(e);
++
++ /* New einfo? (elist_alloc makes 16 at a time -- no thanks) */
++ if (ep == NULL && ! initializing) {
++ if (et_cnt >= HASHSIZE) {
++ syslog(LOG_ERR, "ERROR: einfo_table too big");
++ } else {
++ ep = &einfo_table[et_cnt++];
++ BCOPY(e, ep->e, sizeof(ep->e));
++ if (h == NULL)
++ h = getsname(a);
++ if (h != NULL && !isdigit((int)*h))
++ strncpy(ep->h, h, sizeof(ep->h));
++ ep->t = t;
++ strncpy(ep->iface, interface, sizeof(ep->iface));
++ event |= ETHER_NEW;
++ e2 = NULL;
++ t2 = NULL;
++ }
++ } else if (! initializing) {
++ if (strncmp(ep->iface, interface, sizeof(ep->iface)) != 0) {
++ event |= ETHER_IFCHG;
++ asprintf(&if2, "%s", ep->iface);
++ memset((char *)ep->iface, 0, sizeof(ep->iface));
++ BCOPY(interface, ep->iface, sizeof(ep->iface));
++ e2 = NULL;
++ t2 = ep->t;
++ ep->t = t;
++ }
++ }
++
++ pthread_mutex_unlock(&mtx_einfo);
++ pthread_mutex_lock(&mtx_ainfo);
+
+ /* Lookup ip address */
+ ap = ainfo_find(a);
+@@ -101,28 +140,30 @@
+ /* Check for the usual case first */
+ if (ap->ecount > 0) {
+ ep = ap->elist[0];
+- if (MEMCMP(e, ep->e, 6) == 0) {
++ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
+ if (t - ep->t > NEWACTIVITY_DELTA) {
+- report("new activity", a, e, NULL, &t, &ep->t);
++ event |= ACTIVITY_NEW;
++ e2 = NULL;
++ t2 = ep->t;
+ check_hname(ap);
+ }
+ ep->t = t;
+- return (1);
+ }
+ }
+
+ /* Check for a virgin ainfo record */
+ if (ap->ecount == 0) {
+ ap->ecount = 1;
+- ap->elist[0] = elist_alloc(a, e, t, h);
+- report("new station", a, e, NULL, &t, NULL);
+- return (1);
++ ap->elist[0] = elist_alloc(a, e, t, h, interface);
++ event |= IP_NEW;
++ e2 = NULL;
++ t2 = NULL;
+ }
+
+ /* Check for a flip-flop */
+ if (ap->ecount > 1) {
+ ep = ap->elist[1];
+- if (MEMCMP(e, ep->e, 6) == 0) {
++ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
+ /*
+ * Suppress report when less than
+ * FLIPFLOP_DELTA and one of the two ethernet
+@@ -131,48 +172,76 @@
+ t2 = ap->elist[0]->t;
+ e2 = ap->elist[0]->e;
+ if (t - t2 < FLIPFLIP_DELTA &&
+- (isdecnet(e) || isdecnet(e2)))
++ (isdecnet(e) || isdecnet(e2))) {
+ dosyslog(LOG_INFO,
+ "suppressed DECnet flip flop", a, e, e2);
+- else
+- report("flip flop", a, e, e2, &t, &t2);
++ event |= FLIPFLOP_DECNET;
++ } else {
++ event |= FLIPFLOP;
++ }
++
+ ap->elist[1] = ap->elist[0];
+ ap->elist[0] = ep;
+ ep->t = t;
+ check_hname(ap);
+- return (1);
+ }
}
-
- opterr = 0;
-- while ((op = getopt(argc, argv, "df:")) != EOF)
-+ while ((op = getopt(argc, argv, "df:m:")) != EOF)
- switch (op) {
-
- case 'd':
-@@ -105,6 +107,10 @@
- arpfile = optarg;
- break;
-
-+ case 'm':
-+ Watcher = optarg;
-+ break;
-+
- default:
- usage();
+
+ for (i = 2; i < ap->ecount; ++i) {
+ ep = ap->elist[i];
+- if (MEMCMP(e, ep->e, 6) == 0) {
++ if (MEMCMP(e, ep->e, sizeof(ep->e)) == 0) {
+ /* An old entry comes to life */
+ e2 = ap->elist[0]->e;
+ t2 = ap->elist[0]->t;
+ dosyslog(LOG_NOTICE, "reused old ethernet address",
+ a, e, e2);
++ event |= IP_ETHER_REUSE;
+ /* Shift entries down */
+ len = i * sizeof(ap->elist[0]);
+ BCOPY(&ap->elist[0], &ap->elist[1], len);
+ ap->elist[0] = ep;
+ ep->t = t;
+ check_hname(ap);
+- return (1);
}
-@@ -184,6 +190,6 @@
-
- (void)fprintf(stderr, "Version %s\n", version);
- (void)fprintf(stderr,
-- "usage: %s [-d] [-f datafile] file [...]\n", prog);
-+ "usage: %s [-d] [-f datafile] [-m email] file [...]\n", prog);
- exit(1);
+ }
+
+- /* New ether address */
+- e2 = ap->elist[0]->e;
+- t2 = ap->elist[0]->t;
+- report("changed ethernet address", a, e, e2, &t, &t2);
+- /* Make room at head of list */
+- alist_alloc(ap);
+- len = ap->ecount * sizeof(ap->elist[0]);
+- BCOPY(&ap->elist[0], &ap->elist[1], len);
+- ap->elist[0] = elist_alloc(a, e, t, h);
+- ++ap->ecount;
+- return (1);
++ /* as originally written, any of these conditions would cause this
++ * block never to be reached. ETHER_NEW and ETHER_IFCHG have been added to that list.
++ */
++ if (event & ~(ACTIVITY_NEW | IP_NEW | FLIPFLOP | FLIPFLOP_DECNET | IP_ETHER_REUSE | ETHER_NEW | ETHER_IFCHG)) {
++ /* New ether address */
++ e2 = ap->elist[0]->e;
++ t2 = ap->elist[0]->t;
++ event |= IP_ETHERCHG;
++ /* Make room at head of list */
++ alist_alloc(ap);
++ len = ap->ecount * sizeof(ap->elist[0]);
++ BCOPY(&ap->elist[0], &ap->elist[1], len);
++ ap->elist[0] = elist_alloc(a, e, t, h, interface);
++ ++ap->ecount;
++ }
++
++ pthread_mutex_unlock(&mtx_ainfo);
++
++ report(event, a, e, e2, &t, &t2, interface, if2);
++
++ if (if2 != NULL)
++ free(if2);
++
++ return(1);
++}
++
++static struct einfo *
++einfo_find(register u_char *e)
++{
++ register int i;
++
++ for (i=0; i < et_cnt; i++) {
++ if (MEMCMP(einfo_table[i].e, e, sizeof(einfo_table[i].e)) == 0)
++ return(&einfo_table[i]);
++ }
++
++ return(NULL);
+ }
+
+ static struct ainfo *
+@@ -259,7 +328,7 @@
+ /* Allocate and initialize a elist struct */
+ static struct einfo *
+ elist_alloc(register u_int32_t a, register u_char *e, register time_t t,
+- register char *h)
++ register char *h, register char *interface)
+ {
+ register struct einfo *ep;
+ register u_int size;
+@@ -280,12 +349,16 @@
+
+ ep = elist++;
+ --eleft;
+- BCOPY(e, ep->e, 6);
++ BCOPY(e, ep->e, sizeof(ep->e));
+ if (h == NULL && !initializing)
+ h = getsname(a);
+ if (h != NULL && !isdigit((int)*h))
+- strcpy(ep->h, h);
++ strncpy(ep->h, h, sizeof(ep->h));
+ ep->t = t;
++
++ if (interface != NULL)
++ strncpy(ep->iface, interface, sizeof(ep->iface));
++
+ return (ep);
+ }
+
+@@ -304,7 +377,7 @@
+ if (!isdigit((int)*h) && strcmp(h, ep->h) != 0) {
+ syslog(LOG_INFO, "hostname changed %s %s %s -> %s",
+ intoa(ap->a), e2str(ep->e), ep->h, h);
+- strcpy(ep->h, h);
++ strncpy(ep->h, h, sizeof(ep->h));
+ }
}
+
diff --git a/net/arpwatch-devel/files/patch-aj b/net/arpwatch-devel/files/patch-aj
index 85e34bf4..0e8ba51 100644
--- a/net/arpwatch-devel/files/patch-aj
+++ b/net/arpwatch-devel/files/patch-aj
@@ -1,25 +1,25 @@
---- arpwatch.8.orig Sun Oct 8 21:31:28 2000
-+++ arpwatch.8 Thu Feb 22 22:47:29 2001
-@@ -38,6 +38,9 @@
- .br
- .ti +8
- [
-+.B -m
-+.I email
-+] [
- .B -n
- .IR net [/ width
- ]] [
-@@ -69,6 +72,12 @@
- The
- .B -i
- flag is used to override the default interface.
-+.LP
-+The
-+.B -m
-+flag specifies the address that will receive the emails.
-+The default is
-+.IR root .
- .LP
- The
- .B -n
+--- ../arpwatch.orig/db.h Wed Jun 5 01:39:30 1996
++++ ./db.h Mon Sep 15 14:55:27 2003
+@@ -1,10 +1,21 @@
+ /* @(#) $Header: db.h,v 1.8 96/06/04 22:39:29 leres Exp $ (LBL) */
+
++#define HASHSIZE (2 << 15)
++
+ typedef void (*ent_process)(u_int32_t, u_char *, time_t, char *);
+
+ #ifdef DEBUG
+ void debugdump(void);
+ #endif
+-int ent_add(u_int32_t, u_char *, time_t, char *);
++int ent_add(u_int32_t, u_char *, time_t, char *, char *);
+ int ent_loop(ent_process);
+ void sorteinfo(void);
++
++/* Ethernet info */
++struct einfo {
++ u_char e[6]; /* ether address */
++ char h[34]; /* simple hostname */
++ time_t t; /* timestamp */
++ char iface[10]; /* interface name */
++};
++
diff --git a/net/arpwatch-devel/files/patch-ak b/net/arpwatch-devel/files/patch-ak
index 50b504b..b16ba65 100644
--- a/net/arpwatch-devel/files/patch-ak
+++ b/net/arpwatch-devel/files/patch-ak
@@ -1,25 +1,17 @@
---- arpsnmp.8.orig Sun Sep 17 21:34:48 2000
-+++ arpsnmp.8 Thu Feb 22 22:47:29 2001
-@@ -30,6 +30,9 @@
- ] [
- .B -f
- .I datafile
-+] [
-+.B -m
-+.I email
- ]
- .I file
- [
-@@ -54,6 +57,12 @@
- flag is used to set the ethernet/ip address database filename.
- The default is
- .IR arp.dat .
-+.LP
-+The
-+.B -m
-+flag specifies the address that will receive the emails.
-+The default is
-+.IR root .
- .LP
- Note that an empty
- .I arp.dat
+--- ethercodes.dat.orig Thu May 3 21:59:10 2001
++++ ethercodes.dat Tue Nov 11 09:35:25 2003
+@@ -4419,7 +4419,7 @@
+ 0:d0:b4 KATSUJIMA CO., LTD.
+ 0:d0:b5 DOTCOM
+ 0:d0:b6 CRESCENT NETWORKS, INC.
+-0:d0:b7 INTEL CORPOTATION
++0:d0:b7 INTEL CORPORATION
+ 0:d0:b8 IOMEGA CORP.
+ 0:d0:b9 MICROTEK INTERNATIONAL, INC.
+ 0:d0:ba CISCO SYSTEMS, INC.
+@@ -4964,3 +4964,5 @@
+ c0:0:0 Western Digital (may be reversed 00 00 C0?)
+ e2:c:f Kingston Technologies
+ ec:10:0 Enance Source Co., Ltd. PC clones(?)
++0:bd:11 VMWare Inc
++0:bd:fb VMWare Inc
diff --git a/net/arpwatch-devel/files/patch-al b/net/arpwatch-devel/files/patch-al
new file mode 100644
index 0000000..235268f
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-al
@@ -0,0 +1,26 @@
+--- ../arpwatch.orig/file.c Fri Oct 13 18:29:43 2000
++++ ./file.c Fri Sep 12 17:01:42 2003
+@@ -20,7 +20,7 @@
+ */
+ #ifndef lint
+ static const char rcsid[] =
+- "@(#) $Id: file.c,v 1.25 2000/10/13 22:29:42 leres Exp $ (LBL)";
++ "@(#) $Id: file.c,v 1.2 2003/09/12 21:01:42 mdg Exp $ (LBL)";
+ #endif
+
+ /*
+@@ -130,7 +130,13 @@
+ }
+ }
+
+- if (!(*fn)(a, e, t, h))
++ /* NULL for the interface here is ok because we don't do
++ * anything in ent_add() for einfo when initializing,
++ * and the only time this code section is reached is
++ * during initialization (via readdata()). snmp_add()
++ * is irrelevant, as no ether tracking has been added to it.
++ */
++ if (!(*fn)(a, e, t, h, NULL))
+ return(0);
+ }
+
diff --git a/net/arpwatch-devel/files/patch-am b/net/arpwatch-devel/files/patch-am
new file mode 100644
index 0000000..21a4076
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-am
@@ -0,0 +1,9 @@
+--- ../arpwatch.orig/file.h Sun Jan 17 20:46:04 1999
++++ ./file.h Fri Sep 12 17:01:42 2003
+@@ -1,5 +1,5 @@
+ /* @(#) $Header: file.h,v 1.4 99/01/17 17:46:03 leres Exp $ (LBL) */
+
+-typedef int (*file_process)(u_int32_t, u_char *, time_t, char *);
++typedef int (*file_process)(u_int32_t, u_char *, time_t, char *, char *);
+
+ int file_loop(FILE *, file_process, const char *);
diff --git a/net/arpwatch-devel/files/patch-an b/net/arpwatch-devel/files/patch-an
new file mode 100644
index 0000000..b994a7f
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-an
@@ -0,0 +1,126 @@
+--- ../arpwatch.orig/report.c Sat Sep 30 19:41:10 2000
++++ ./report.c Fri Sep 12 18:57:04 2003
+@@ -45,6 +45,8 @@
+
+ #include <ctype.h>
+ #include <errno.h>
++#include <fcntl.h>
++#include <paths.h>
+ #include <signal.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+@@ -70,6 +72,8 @@
+
+ #define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+
++extern char *Watcher;
++
+ static int cdepth; /* number of outstanding children */
+
+ static char *fmtdate(time_t);
+@@ -232,15 +236,16 @@
+ }
+
+ void
+-report(register char *title, register u_int32_t a, register u_char *e1,
+- register u_char *e2, register time_t *t1p, register time_t *t2p)
++report(evt_type event, register u_int32_t a, register u_char *e1,
++ register u_char *e2, register time_t *t1p, register time_t *t2p,
++ register char *interface, register char *old_interface)
+ {
+ register char *cp, *hn;
+ register int fd, pid;
+ register FILE *f;
+ char tempfile[64], cpu[64], os[64];
+ char *fmt = "%20s: %s\n";
+- char *watcher = WATCHER;
++ char *watcher = Watcher ? Watcher : WATCHER;
+ char *watchee = WATCHEE;
+ char *sendmail = PATH_SENDMAIL;
+ char *unknown = "<unknown>";
+@@ -251,9 +256,15 @@
+ if (initializing)
+ return;
+
++ /* these types are sent to syslog instead of reported on.
++ * only continue if there are other events as well
++ */
++ if (event == NULL || (event & ~(IP_ETHER_REUSE | FLIPFLOP_DECNET) == 0))
++ return;
++
+ if (debug) {
+ if (debug > 1) {
+- dosyslog(LOG_NOTICE, title, a, e1, e2);
++ dosyslog(LOG_NOTICE, "event", a, e1, e2);
+ return;
+ }
+ f = stdout;
+@@ -270,7 +281,7 @@
+ }
+
+ /* Syslog this event too */
+- dosyslog(LOG_NOTICE, title, a, e1, e2);
++ dosyslog(LOG_NOTICE, "event", a, e1, e2);
+
+ /* Update child depth */
+ ++cdepth;
+@@ -304,12 +315,31 @@
+ (void)fprintf(f, "To: %s\n", watcher);
+ hn = gethname(a);
+ if (!isdigit(*hn))
+- (void)fprintf(f, "Subject: %s (%s)\n", title, hn);
++ (void)fprintf(f, "Subject: Arpwatch Event (%s)\n", hn);
+ else {
+- (void)fprintf(f, "Subject: %s\n", title);
++ (void)fprintf(f, "Subject: Arpwatch Event\n");
+ hn = unknown;
+ }
+ (void)putc('\n', f);
++
++ if (event & ETHER_NEW)
++ (void)fprintf(f, fmt, "event", "new ethernet device");
++ if (event & ETHER_IFCHG)
++ (void)fprintf(f, fmt, "event", "ethernet device changed interfaces");
++ if (event & ACTIVITY_NEW)
++ (void)fprintf(f, fmt, "event", "new activity");
++ if (event & IP_NEW)
++ (void)fprintf(f, fmt, "event", "new active IP address");
++ if (event & IP_ETHERCHG)
++ (void)fprintf(f, fmt, "event", "IP changed ethernet address");
++ if (event & FLIPFLOP)
++ (void)fprintf(f, fmt, "event", "flip flop");
++
++ (void)fprintf(f, fmt, "interface", interface);
++
++ if (old_interface != NULL)
++ (void)fprintf(f, fmt, "old interface", old_interface);
++
+ (void)fprintf(f, fmt, "hostname", hn);
+ (void)fprintf(f, fmt, "ip address", intoa(a));
+ (void)fprintf(f, fmt, "ethernet address", e2str(e1));
+@@ -344,6 +374,25 @@
+ exit(1);
+ }
+ /* XXX Need to freopen()? */
++
++ /*
++ * Open /dev/null as stdout and stderr so that sendmail 8.12.1 (and
++ * above ?) won't complain about missing file descriptors.
++ */
++ if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) {
++ syslog(LOG_ERR, "Cannot open %s: %m", _PATH_DEVNULL);
++ exit(1);
++ }
++ if (dup2(fd, STDOUT_FILENO) == -1) {
++ syslog(LOG_ERR, "Cannot dup2 %s to stdout: %m", _PATH_DEVNULL);
++ exit(1);
++ }
++ if (dup2(fd, STDERR_FILENO) == -1) {
++ syslog(LOG_ERR, "Cannot dup2 %s to stderr: %m", _PATH_DEVNULL);
++ exit(1);
++ }
++ close(fd);
++
+ /* Always Deliver interactively (pause when child depth gets large) */
+ execl(sendmail, "sendmail", "-odi", watcher, NULL);
+ syslog(LOG_ERR, "execl: %s: %m", sendmail);
diff --git a/net/arpwatch-devel/files/patch-ao b/net/arpwatch-devel/files/patch-ao
new file mode 100644
index 0000000..2472b9f
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-ao
@@ -0,0 +1,20 @@
+--- ../arpwatch.orig/report.h Wed Jun 5 01:40:54 1996
++++ ./report.h Mon Sep 15 15:03:20 2003
+@@ -1,3 +1,16 @@
+ /* @(#) $Header: report.h,v 1.3 96/06/04 22:40:53 leres Exp $ (LBL) */
+
+-void report(char *, u_int32_t, u_char *, u_char *, time_t *, time_t *);
++
++typedef enum
++ {
++ ETHER_NEW=1,
++ ETHER_IFCHG=2,
++ ACTIVITY_NEW=4,
++ IP_NEW=8,
++ IP_ETHERCHG=16,
++ IP_ETHER_REUSE=32,
++ FLIPFLOP=64,
++ FLIPFLOP_DECNET=128
++ } evt_type;
++
++void report(evt_type, u_int32_t, u_char *, u_char *, time_t *, time_t *, char *, char *);
diff --git a/net/arpwatch-devel/files/patch-ap b/net/arpwatch-devel/files/patch-ap
new file mode 100644
index 0000000..15b73b7
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-ap
@@ -0,0 +1,78 @@
+--- ../arpwatch.orig/util.c Fri Oct 13 18:49:03 2000
++++ ./util.c Wed Sep 10 13:03:27 2003
+@@ -53,6 +53,7 @@
+
+ char *arpdir = ARPDIR;
+ char *arpfile = ARPFILE;
++char *etherfile = ETHERFILE;
+ char *ethercodes = ETHERCODES;
+
+ /* Broadcast ethernet addresses */
+@@ -105,7 +106,7 @@
+ dump(void)
+ {
+ register int fd;
+- char oldarpfile[256], newarpfile[256];
++ char oldarpfile[256], newarpfile[256], *oldetherfile, *newetherfile;
+
+ (void)sprintf(oldarpfile, "%s-", arpfile);
+ (void)sprintf(newarpfile, "%s.new", arpfile);
+@@ -130,6 +131,32 @@
+ syslog(LOG_ERR, "rename %s -> %s: %m", newarpfile, arpfile);
+ return(0);
+ }
++
++ /* ether info */
++ (void)asprintf(&oldetherfile, "%s-", etherfile);
++ (void)asprintf(&newetherfile, "%s.new", etherfile);
++
++ if ((fd = creat(newetherfile, 0644)) < 0) {
++ syslog(LOG_ERR, "creat(%s): %m", newetherfile);
++ return(0);
++ }
++ if ((dumpf = fdopen(fd, "w")) == NULL) {
++ syslog(LOG_ERR, "fdopen(%s): %m", newetherfile);
++ return(0);
++ }
++
++ fwrite(einfo_table, sizeof(struct einfo), et_cnt, dumpf);
++
++ (void)fclose(dumpf);
++ if (rename(etherfile, oldetherfile) < 0) {
++ syslog(LOG_ERR, "rename %s -> %s: %m", etherfile, oldetherfile);
++ return(0);
++ }
++ if (rename(newetherfile, etherfile) < 0) {
++ syslog(LOG_ERR, "rename %s -> %s: %m", newetherfile, etherfile);
++ return(0);
++ }
++
+ return(1);
+ }
+
+@@ -138,7 +165,9 @@
+ readdata(void)
+ {
+ register FILE *f;
++ char line[1024];
+
++ /* arp.dat */
+ if ((f = fopen(arpfile, "r")) == NULL) {
+ syslog(LOG_ERR, "fopen(%s): %m", arpfile);
+ return(0);
+@@ -147,6 +176,15 @@
+ (void)fclose(f);
+ return(0);
+ }
++ (void)fclose(f);
++
++ /* ether.dat */
++ if ((f = fopen(etherfile, "r")) == NULL) {
++ syslog(LOG_ERR, "fopen(%s): %m", etherfile);
++ return(0);
++ }
++
++ et_cnt = fread(einfo_table, sizeof(struct einfo), HASHSIZE, f);
+ (void)fclose(f);
+
+ /* It's not fatal if we can't open the ethercodes file */
diff --git a/net/arpwatch-devel/files/patch-aq b/net/arpwatch-devel/files/patch-aq
new file mode 100644
index 0000000..f300a7b
--- /dev/null
+++ b/net/arpwatch-devel/files/patch-aq
@@ -0,0 +1,12 @@
+--- ../arpwatch.orig/util.h Sun Oct 6 06:22:14 1996
++++ ./util.h Wed Sep 10 13:03:27 2003
+@@ -11,6 +11,9 @@
+ extern char *arpfile;
+ extern char *oldarpfile;
+ extern char *ethercodes;
++extern char *etherfile;
++extern struct einfo einfo_table[];
++extern int et_cnt;
+
+ extern u_char zero[6];
+ extern u_char allones[6];
diff --git a/net/arpwatch-devel/pkg-descr b/net/arpwatch-devel/pkg-descr
index 1e2e813..6c9ac86 100644
--- a/net/arpwatch-devel/pkg-descr
+++ b/net/arpwatch-devel/pkg-descr
@@ -1,21 +1,10 @@
-ARPWATCH 2.0
-Lawrence Berkeley National Laboratory
-Network Research Group
-arpwatch@ee.lbl.gov
-ftp://ftp.ee.lbl.gov/arpwatch.tar.Z
+This is a development fork of arpwatch. This has been threaded in
+order to better deal with the requirements of multi-interface
+routers. Information regarding MAC addresses and interfaces is
+maintained by the program, and an alert is issued should a device
+move between interfaces. In addition, event processing has been
+refactored, and some bugs have been fixed.
-This directory contains source code for arpwatch and arpsnmp, tools
-that monitors ethernet activity and maintain a database of ethernet/ip
-address pairings. It also reports certain changes via email.
+see net/arpwatch/pkg-descr for more information about arpwatch 2.x
-Arpsnmp has the same database features of arpwatch but relies on an
-external agent to collect the arp data. This distribution contains a
-script, arpfetch, that uses snmpwalk from the CMU SNMP package. This
-package is available from:
-
- ftp://ftp.net.cmu.edu/pub/snmp-dist/cmu-snmp*.tar.Z
-
-It should be trivial to adaptive the output of any snmp query program
-for use with arpsnmp.
-
-Please send bugs and comments to arpwatch@ee.lbl.gov.
+Matthew George <mdg@secureworks.net>
diff --git a/net/arpwatch-devel/pkg-plist b/net/arpwatch-devel/pkg-plist
index 107115d..7c02469 100644
--- a/net/arpwatch-devel/pkg-plist
+++ b/net/arpwatch-devel/pkg-plist
@@ -7,5 +7,7 @@ arpwatch/e.awk
arpwatch/p.awk
etc/rc.d/arpwatch.sh.sample
@unexec test -f %D/arpwatch/arp.dat && test -s %D/arpwatch/arp.dat || rm -f %D/arpwatch/arp.dat
+@unexec test -f %D/arpwatch/ether.dat && test -s %D/arpwatch/ether.dat || rm -f %D/arpwatch/ether.dat
@exec test -f %D/arpwatch/arp.dat || touch %D/arpwatch/arp.dat
+@exec test -f %D/arpwatch/ether.dat || touch %D/arpwatch/ether.dat
@dirrm arpwatch
OpenPOWER on IntegriCloud