Add pfflowd 0.4, convert pfsync states to NetFlow datagrams.

PR:		ports/63336
Submitted by:	Andrew Thompson <andy@fud.org.nz>

8 files changed, 264 insertions, 0 deletions

diff --git a/net/pfflowd/Makefile b/net/pfflowd/Makefile
new file mode 100644
index 0000000..e550de8
--- /dev/null
+++ b/net/pfflowd/Makefile
@@ -0,0 +1,43 @@
+# New ports collection makefile for:   pfflowd
+# Date created:        24 Feburary 2003
+# Whom:                Andrew Thompson <andy@fud.org.nz>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	pfflowd
+PORTVERSION=	0.4
+CATEGORIES=	net
+MASTER_SITES=	http://www.mindrot.org/files/pfflowd/
+
+MAINTAINER=	andy@fud.org.nz
+COMMENT=	Convert pfsync states to NetFlow datagrams
+
+BUILD_DEPENDS=	${LOCALBASE}/include/pf/net/pfvar.h:${PORTSDIR}/security/pf
+RUN_DEPENDS=	${LOCALBASE}/modules/pf.ko:${PORTSDIR}/security/pf
+
+MAN8=		pfflowd.8
+
+PLIST_FILES=	sbin/pfflowd \
+		etc/rc.d/pfflowd.sh.sample
+
+.include <bsd.port.pre.mk>
+
+.if ${OSVERSION} < 500000
+IGNORE=		"Only for 5.0 and above"
+.endif
+
+post-patch:
+	${SED} -e 's|@@PREFIX@@|${PREFIX}|g' < ${FILESDIR}/pfflowd.sh.sample \
+		> ${WRKSRC}/pfflowd.sh.sample
+
+pre-build:
+	${CAT} ${FILESDIR}/pidfile.h > ${WRKSRC}/pidfile.h
+	${CAT} ${FILESDIR}/pidfile.c > ${WRKSRC}/pidfile.c
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/pfflowd ${PREFIX}/sbin
+	${INSTALL_MAN} ${WRKSRC}/pfflowd.8 ${PREFIX}/man/man8
+	${INSTALL_SCRIPT} ${WRKSRC}/pfflowd.sh.sample ${PREFIX}/etc/rc.d/pfflowd.sh.sample
+
+.include <bsd.port.post.mk>
diff --git a/net/pfflowd/distinfo b/net/pfflowd/distinfo
new file mode 100644
index 0000000..454db25
--- /dev/null
+++ b/net/pfflowd/distinfo
@@ -0,0 +1,2 @@
+MD5 (pfflowd-0.4.tar.gz) = 5aef03a6df6286c24aae1490612d86fe
+SIZE (pfflowd-0.4.tar.gz) = 11199
diff --git a/net/pfflowd/files/patch-Makefile b/net/pfflowd/files/patch-Makefile
new file mode 100644
index 0000000..7486e76
--- /dev/null
+++ b/net/pfflowd/files/patch-Makefile
@@ -0,0 +1,24 @@
+--- Makefile	Mon Feb 16 16:30:46 2004
++++ Makefile	Wed Feb 25 16:39:29 2004
+@@ -7,17 +7,17 @@
+ LIBS=-lpcap -lutil #-lefence
+ LDFLAGS=-g
+ 
+-CFLAGS=-g -O $(WARNFLAGS)
++CFLAGS=-g -O $(WARNFLAGS) -I /usr/local/include/pf
+ 
+ # Uncomment this if you are using pfflowd on OpenBSD <=3.4
+-#CFLAGS+=-DOLD_PFSYNC
++CFLAGS+=-DOLD_PFSYNC
+ 
+ TARGETS=pfflowd
+ 
+ all: $(TARGETS)
+ 
+-pfflowd: pfflowd.o
+-	$(CC) $(LDFLAGS) -o $@ pfflowd.o  $(LIBS)
++pfflowd: pfflowd.o pidfile.o
++	$(CC) $(LDFLAGS) -o $@ pfflowd.o pidfile.o $(LIBS)
+ 
+ clean:
+ 	rm -f $(TARGETS) *.o core *.core
diff --git a/net/pfflowd/files/patch-pfflowd.c b/net/pfflowd/files/patch-pfflowd.c
new file mode 100644
index 0000000..273c0b1
--- /dev/null
+++ b/net/pfflowd/files/patch-pfflowd.c
@@ -0,0 +1,47 @@
+--- pfflowd.c   Wed Feb 25 16:16:35 2004
++++ pfflowd.c   Wed Feb 25 16:22:57 2004
+@@ -49,7 +49,11 @@
+ #include <syslog.h>
+ #include <time.h>
+ #include <unistd.h>
++#if defined(__FreeBSD__)
++#include "pidfile.h"
++#else
+ #include <util.h>
++#endif
+ 
+ #define	PROGNAME		"pfflowd"
+ #define	PROGVER			"0.3"
+@@ -185,6 +189,9 @@
+ parse_hostport(const char *s, struct sockaddr_in *addr)
+ {
+ 	char *host, *port;
++#if defined(__FreeBSD__)
++	int val;
++#endif
+ 
+ 	if ((host = strdup(s)) == NULL) {
+ 		fprintf(stderr, "Out of memory\n");
+@@ -197,12 +204,22 @@
+ 	}
+ 	*(port - 1) = '\0';
+ 	addr->sin_family = AF_INET;
++#if defined(__FreeBSD__)
++	val = atoi(port);
++	if (val <= 0 || val >= 65536) {
++		fprintf(stderr, "Invalid -n port.\n");
++		usage();
++		exit(1);
++	}
++	addr->sin_port = (in_port_t)val;
++#else
+ 	addr->sin_port = atoi(port);
+ 	if (addr->sin_port <= 0 || addr->sin_port >= 65536) {
+ 		fprintf(stderr, "Invalid -n port.\n");
+ 		usage();
+ 		exit(1);
+ 	}
++#endif
+ 	addr->sin_port = htons(addr->sin_port);
+ 	if (inet_aton(host, &addr->sin_addr) == 0) {
+ 		fprintf(stderr, "Invalid -n host.\n");
diff --git a/net/pfflowd/files/pfflowd.sh.sample b/net/pfflowd/files/pfflowd.sh.sample
new file mode 100644
index 0000000..65ba59d
--- /dev/null
+++ b/net/pfflowd/files/pfflowd.sh.sample
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# Enter the host to send the netflow datagrams to, the format
+# is IP:PORT (e.g 127.0.0.1:2055)
+host="127.0.0.1:2055"
+
+case "$1" in
+	start)
+		echo -n " pfflowd"
+		@@PREFIX@@/sbin/pfflowd -n ${host}
+		;;
+
+	stop)
+		if [ ! -f /var/run/pfflowd.pid ]; then
+			echo "pfflowd not running"
+			exit 64
+		fi
+		kill `cat /var/run/pfflowd.pid`
+		;;
+esac
diff --git a/net/pfflowd/files/pidfile.c b/net/pfflowd/files/pidfile.c
new file mode 100644
index 0000000..61eca26
--- /dev/null
+++ b/net/pfflowd/files/pidfile.c
@@ -0,0 +1,121 @@
+/*	$OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $	*/
+/*	$NetBSD: pidfile.c,v 1.4 2001/02/19 22:43:42 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1999 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Jason R. Thorpe.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *        This product includes software developed by the NetBSD
+ *        Foundation, Inc. and its contributors.
+ * 4. Neither the name of The NetBSD Foundation nor the names of its
+ *    contributors may be used to endorse or promote products derived
+ *    from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#if defined(LIBC_SCCS) && !defined(lint)
+static const char rcsid[] = "$OpenBSD: pidfile.c,v 1.5 2002/05/26 09:29:02 deraadt Exp $";
+#endif /* LIBC_SCCS and not lint */
+
+#include <sys/param.h>
+#include <errno.h>
+#include <paths.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+#if defined(__FreeBSD__)
+#include "pidfile.h"
+#else
+#include <util.h>
+#endif
+
+static char *pidfile_path;
+static pid_t pidfile_pid;
+
+static void pidfile_cleanup(void);
+
+extern char *__progname;
+
+int
+pidfile(const char *basename)
+{
+	FILE *f;
+	int save_errno;
+	pid_t pid;
+
+	if (basename == NULL)
+		basename = __progname;
+
+	if (pidfile_path != NULL) {
+		free(pidfile_path);
+		pidfile_path = NULL;
+	}
+
+	/* _PATH_VARRUN includes trailing / */
+	(void) asprintf(&pidfile_path, "%s%s.pid", _PATH_VARRUN, basename);
+	if (pidfile_path == NULL)
+		return (-1);
+
+	if ((f = fopen(pidfile_path, "w")) == NULL) {
+		save_errno = errno;
+		free(pidfile_path);
+		pidfile_path = NULL;
+		errno = save_errno;
+		return (-1);
+	}
+
+	pid = getpid();
+	if (fprintf(f, "%ld\n", (long)pid) <= 0 || fclose(f) != 0) {
+		save_errno = errno;
+		(void) unlink(pidfile_path);
+		free(pidfile_path);
+		pidfile_path = NULL;
+		errno = save_errno;
+		return (-1);
+	}
+
+	pidfile_pid = pid;
+	if (atexit(pidfile_cleanup) < 0) {
+		save_errno = errno;
+		(void) unlink(pidfile_path);
+		free(pidfile_path);
+		pidfile_path = NULL;
+		pidfile_pid = 0;
+		errno = save_errno;
+		return (-1);
+	}
+
+	return (0);
+}
+
+static void
+pidfile_cleanup(void)
+{
+
+	if (pidfile_path != NULL && pidfile_pid == getpid())
+		(void) unlink(pidfile_path);
+}
diff --git a/net/pfflowd/files/pidfile.h b/net/pfflowd/files/pidfile.h
new file mode 100644
index 0000000..542325f
--- /dev/null
+++ b/net/pfflowd/files/pidfile.h
@@ -0,0 +1 @@
+int pidfile(const char *);
diff --git a/net/pfflowd/pkg-descr b/net/pfflowd/pkg-descr
new file mode 100644
index 0000000..dbd482d
--- /dev/null
+++ b/net/pfflowd/pkg-descr
@@ -0,0 +1,6 @@
+pfflowd converts OpenBSD PF status messages (sent via the pfsync interface) to
+Cisco NetFlow datagrams. These datagrams may be sent (via UDP) to a host of
+one's choice. Utilising the OpenBSD stateful packet filter infrastructure means
+that flow tracking is very fast and accurate.
+
+WWW: http://www.mindrot.org/pfflowd.html