aboutsummaryrefslogtreecommitdiffstats
path: root/net/p0f
diff options
context:
space:
mode:
authortrevor <trevor@FreeBSD.org>2002-01-21 16:47:53 +0800
committertrevor <trevor@FreeBSD.org>2002-01-21 16:47:53 +0800
commit4a094d4210980a721ba83262378ce71ef318b7a9 (patch)
tree6ce13d07d8edc26fca93e12b57db1d354e9372d8 /net/p0f
parentdc0f0b51f2ec51d68cb9fae0e9cb1e3f91d76340 (diff)
downloadfreebsd-ports-gnome-4a094d4210980a721ba83262378ce71ef318b7a9.tar.gz
freebsd-ports-gnome-4a094d4210980a721ba83262378ce71ef318b7a9.tar.zst
freebsd-ports-gnome-4a094d4210980a721ba83262378ce71ef318b7a9.zip
Update to "1.8 final release". Change master site. Add new home
page. Install new man page. Be verbose. Add patch to fix new -o option. Update patch to README (the old one was integrated upstream). The new patches have been sent to William Stearns.
Diffstat (limited to 'net/p0f')
-rw-r--r--net/p0f/Makefile17
-rw-r--r--net/p0f/distinfo2
-rw-r--r--net/p0f/files/patch-README305
-rw-r--r--net/p0f/files/patch-p0f.c16
-rw-r--r--net/p0f/pkg-descr2
5 files changed, 35 insertions, 307 deletions
diff --git a/net/p0f/Makefile b/net/p0f/Makefile
index c035831401b3..a1b38dbd579c 100644
--- a/net/p0f/Makefile
+++ b/net/p0f/Makefile
@@ -7,28 +7,29 @@
PORTNAME= p0f
PORTVERSION= 1.8
+PORTREVISION= 1
CATEGORIES= net
-MASTER_SITES= http://lcamtuf.hack.pl/
-DISTNAME= ${PORTNAME}
+MASTER_SITES= http://www.stearns.org/p0f/
EXTRACT_SUFX= .tgz
MAINTAINER= trevor@FreeBSD.org
-WRKSRC= ${WRKDIR}/${PORTNAME}-${PORTVERSION}
+MAN1= p0f.1
post-patch:
- @${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" \
+ ${PERL} -pi -e "s=/etc=${PREFIX}/etc=g" \
${WRKSRC}/README \
${WRKSRC}/p0f.c
do-install:
- @${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
- @${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
+ ${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/bin
+ ${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/etc
+ ${INSTALL_MAN} ${WRKSRC}/${MAN1} ${MANPREFIX}/man/man1
post-install:
.if !defined(NOPORTDOCS)
- @${MKDIR} ${PREFIX}/share/doc/p0f
- @${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
+ ${MKDIR} ${PREFIX}/share/doc/p0f
+ ${INSTALL_DATA} ${WRKSRC}/README ${PREFIX}/share/doc/p0f
.endif
.include <bsd.port.mk>
diff --git a/net/p0f/distinfo b/net/p0f/distinfo
index b02d48c10055..64553d9ff86d 100644
--- a/net/p0f/distinfo
+++ b/net/p0f/distinfo
@@ -1 +1 @@
-MD5 (p0f.tgz) = 56d6797b8f0e9f00715dd59b4e5f6822
+MD5 (p0f-1.8.tgz) = a800396508a9d4bd4e4204a76ea79c2e
diff --git a/net/p0f/files/patch-README b/net/p0f/files/patch-README
index 6d8750a3529a..1e201f6ac13f 100644
--- a/net/p0f/files/patch-README
+++ b/net/p0f/files/patch-README
@@ -1,302 +1,11 @@
-patch to version 1.8.test9
-
-- mention the FreeBSD port
-- mention that BSD make, not just GNU make, is adequate
-- some rewording for clarity, not intended to change meaning
-- reformatting of white space, mostly done with "fmt 79 80"
-- spelling changes, mostly suggested by ispell
-
---- README.old Thu Nov 22 16:37:28 2001
-+++ README Wed Jan 9 12:10:53 2002
-@@ -18,17 +18,17 @@
- Project Status
- --------------
+--- README.old Thu Jan 17 21:58:09 2002
++++ README Sun Jan 20 23:30:58 2002
+@@ -94,7 +94,7 @@
-- As for today, this packet is hosted and maintained by William Stearns
-- <wstearns@pobox.com>. Original code comes from Michal Zalewski
-- <lcamtuf@coredump.cx>. Feel free to mail William or both of us with
-- bugfixes, ideas, etc =)
-+ This program is now hosted and maintained by William Stearns
-+ <wstearns@pobox.com>. It was originally written by Michal Zalewski
-+ <lcamtuf@coredump.cx>. Feel free to mail William or both of us with
-+ bug-fixes, ideas, etc. =)
-
-
- -----------------
- Special thanks to
- -----------------
-
-- * Lance Spitzner for whitepaper on passive OS fingerprinting:
-+ * Lance Spitzner for white paper on passive OS fingerprinting:
- http://www.enteract.com/~lspitz/finger.html
-
- * tf8 for initial piece of libpcap support and packet parsing
-@@ -36,7 +36,7 @@
- * teso/security.is/b0f/#hax for ideas and testing
-
- * Jeremy Weatherford, Chris Wilson and Szilveszter Adam for
-- portability testing/patches, bugfixes and ideas,
-+ portability testing/patches, bug-fixes and ideas,
-
- * other BUGTRAQ readers for OS fingerprints and useful patches
-
-@@ -49,126 +49,127 @@
- Background
- ----------
-
-- * What is passive OS fingerprinting?
--
-- Passive OS fingerprinting technique is based on information coming
-- from remote host when it tries to establish a connection to your system.
-- Captured packet parameters contain enough information to determine
-- remote OS - and, unlike active scanners (nmap, queSO) - this is done
-- without sending anything to this host.
--
-- If you're looking for more information on this approach, read Spitzner's
-- whitepaper at http://www.enteract.com/~lspitz/finger.html :)
--
-+ * What is passive OS fingerprinting?
-+
-+ The passive OS fingerprinting technique is based on information coming from a
-+ remote host when it tries to establish a connection to your system. Captured
-+ packet parameters contain enough information to identify the remote OS. In
-+ contrast to active scanners such as nmap and queSO, p0f does this without
-+ sending anything to the remote host.
-+
-+ If you're looking for more information on this approach, read Spitzner's white
-+ paper (mentioned above). :)
-+
- In short, there are certain TCP/IP flag settings specific for given systems.
-- Usually initial TTL (8 bits), window size (16 bits), maximum segment size
-- (16 bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option
-- (1 bit), window scaling option (8 bits), initial packet size (16 bits)
-- vary from one TCP stack implementation to another, and, combined together,
-- give unique, 67-bit signature for every system.
--
-- Some portions of p0f code are currently used by IDS systems and
-- sniffer software.
--
-- * What are main advantages?
--
-- Passive OS fingerprinting can be done on huge portions of input data - eg.
-- information gathered on firewall, proxy, routing device or Internet server,
-- without causing any network activity. You can launch passive OS detection
-- software on such machine and leave it for days, weeks or months, collecting
-- really interesting statistical information about your customers, about
-- attackers, other servers, etc. What's really funny - packet filtering
-- firewalls, network address translation and so on are almost always
-- transparent to p0f-alike software, so you're able to obtain information
-- about systems behind the firewall. Also, such software can determine
-- distance between remote host and your system, allowing you to generate
-- network structure maps for firewalled/structural networks. And all without
-- sending a single packet. Nice, especially for IDSes.
-+ Usually initial TTL (8 bits), window size (16 bits), maximum segment size (16
-+ bits), don't fragment flag (1 bit), sackOK option (1 bit), nop option (1 bit),
-+ window scaling option (8 bits), and initial packet size (16 bits) vary from
-+ one TCP stack implementation to another. Together, they give a unique, 67-bit
-+ signature for every system.
-+
-+ Some portions of the p0f code are currently used by IDS systems and sniffer
-+ software.
-+
-+ * What are the main advantages?
-+
-+ Passive OS fingerprinting can be done on huge amounts of input data - for
-+ example, information gathered on a firewall, proxy, routing device or Internet
-+ server - without causing any network activity. You can launch passive OS
-+ detection software on such a machine and leave it for days, weeks or months,
-+ collecting really interesting statistical information about your customers,
-+ attackers, other servers, etc. Since packet filtering firewalls, network
-+ address translation and so on are almost always transparent to p0f-alike
-+ software, you're able to obtain information about systems behind the firewall.
-+ Also, such software can determine the distance between a remote host and your
-+ system, allowing you to generate network structure maps for
-+ firewalled/structural networks. All this can be done without sending a single
-+ packet. It is especially nice for IDSes.
-
-
- -----------
- Limitations
- -----------
-
-- Proxy firewalls and other high-level proxy devices are not transparent to
-- any TCP-level fingerprinting software. The device itself will be
-- fingerprinted, not actual source hosts.
--
-+ Proxy firewalls and other high-level proxy devices are not transparent to any
-+ TCP-level fingerprinting software. The device itself will be fingerprinted,
-+ not actual source hosts.
-+
In order to obtain information required for fingerprinting, you have to
-- receive at least one SYN packet initializing TCP connection to your
-- machine or network. Note: you don't have to respond to particular SYN.
-- Of course, it's impossible to perform any kind of OS detection witout
-- receiving any information.
--
-- It is possible to perform passive fingerprinting on live TCP connection, or
-- on a connection established by you to a remote host. However, these
-- techniques are less reliable (many implementations copy parameters from
-- the first SYN packet; other parameters change rapidly with time).
--
--
-------------------------------------------
--Is there anything special about this one?
-------------------------------------------
--
-- There is another passive OS detection utility, called 'siphon'. It's
-- pretty good piece of proof-of-concept software, but it isn't perfect. Well,
-- p0f isn't perfect for sure, but features some improvements:
--
-+ receive at least one SYN packet initializing TCP connection to your machine or
+ receive at least one SYN packet initiating a TCP connection to your machine or
+- or network. Note: you don't have to respond to this particular SYN. Of course,
+ network. Note: you don't have to respond to this particular SYN. Of course,
-+ it's impossible to perform any kind of OS detection without receiving any
-+ information.
-+
-+ It is possible to perform passive fingerprinting on a live TCP connection, or
-+ on a connection established by you to a remote host. However, these techniques
-+ are less reliable (many implementations copy parameters from the first SYN
-+ packet; other parameters change rapidly with time).
-+
-+
-+---------------------------------------------
-+Is there anything special about this program?
-+---------------------------------------------
-+
-+ There is another passive OS detection utility, called 'siphon'. It's a pretty
-+ good piece of proof-of-concept software, but it isn't perfect. Well, p0f
-+ isn't perfect for sure, but features some improvements:
-+
- - it's single-threaded and pretty clean,
--
-+
- - works properly on Linuxes (siphon has a problem with bpf on 2.2), as
- well as on BSD systems and SunOS/Solaris,
--
-+
- - has pretty large and detailed fingerprints database,
--
-+
- - uses more information for fingerprinting (42 extra bits),
--
-+
- - it's more accurate,
--
-+
- - you can define your own filtering rules in the tcpdump flavour:
-- p0f 'src host 1.2.3.4' or p0f 'gateway 1.2.3.4 and port 80', and
-- listening interface (using option -i).
--
-- What more? Dunno :) Simply, check it out.
-+ p0f 'src host 1.2.3.4' or p0f 'gateway 1.2.3.4 and port 80', and listening
-+ interface (using option -i).
-+
-+ What more? Dunno. :) Simply, check it out.
-
-
- ------------
- Not working!
- ------------
-
-- Probably p0f isn't working well on every platform in the world; first
-- of all, you'll need libpcap 0.4 or newer; sometimes pcap.h is placed in
-- /usr/include/pcap instead of /usr/include/ (eg. in broken RH 6.1 package).
-- In this case, simply issue:
--
-- ln -s /usr/include/pcap/pcap.h /usr/include/
-- ln -s /usr/include/pcap/net/bpf.h /usr/include/net/
--
-- NOTE: if p0f recognized system incorrectly or cannot recognize it at all,
-- please send OS signature and system description to author. Thanks :)
--
-+ Probably p0f isn't working well on every platform in the world. First of all,
-+ you'll need libpcap 0.4 or newer; sometimes pcap.h is placed in
-+ /usr/include/pcap instead of /usr/include/ (for example, in the broken Red Hat
-+ 6.1 package). In this case, simply issue:
-+
-+ ln -s /usr/include/pcap/pcap.h /usr/include/
-+ ln -s /usr/include/pcap/net/bpf.h /usr/include/net/
-+
-+ NOTE: if p0f recognized the system incorrectly or cannot recognize it at all,
-+ please send the OS signature and system description to the author. Thanks. :)
-+
- Tested platforms:
-
- - NetBSD
- - FreeBSD
-+ in the ports collection
- - OpenBSD
- - Linux 2.0/2.2/2.4
- http://www.stearns.org/p0f/
- - Solaris 2.6-2.7
- - LinuxPPC
- http://rpmfind.net/linux/RPM/linuxPPC/contrib/software/Applications/Networking/p0f-1.7-0.ppc.html
--
-- Requires: libpcap 0.4 or newer; GNU cc 2.7.x or newer; GNU make 3.7x;
-- GNU egrep (for proper Makefile processing)
-
--
-+ Requires: libpcap 0.4 or newer; GNU cc 2.7.x or newer; GNU make 3.7x or BSD
-+ make; GNU egrep (for proper Makefile processing)
-+
-+
- -------------
- Configuration
- -------------
-
-- /etc/p0f.fp or ./p0f.fp - OS fingerprints database. Format is described
-- inside:
--
-+ The database of OS fingerprints is usually kept in /etc/p0f.fp or ./p0f.fp .
-+ Its format is described below:
-+
- #
- # p0f - passive OS fingerprinting
- # -------------------------------
-@@ -208,9 +209,9 @@
- # W - window scaling (-1=not present, other=value)
- # S - sackOK flag (0=unset, 1=set)
- # N - nop flag (0=unset, 1=set)
-- # I - declared packet size (-1 = irrevelant)
-+ # I - declared packet size (-1 = irrelevant)
- #
--
-+
-
- --------------------
- What should be done?
-@@ -218,22 +219,22 @@
-
- - Colorful interface, of course ;)
- - Packet sizes added for old fingerprints
-- - Manpage and other user-friendly features
-+ - Man page and other user-friendly features
-
-
- -------------------
- License, disclaimer
- -------------------
+ it's impossible to perform any kind of OS detection without receiving any
+ information.
-- The p0f utility and related utilities are free software; you can
-- redistribute it and/or modify it under the terms of the GNU Library
-- General Public License as published by the Free Software Foundation;
-- either version 2 of the License, or (at your option) any later version.
--
-- THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-- FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
-- MICHAL ZALEWSKI, OR ANY OTHER CONTRIBUTORS BE LIABLE FOR ANY CLAIM,
-- DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
-- OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
-- OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-+ The p0f utility and related utilities are free software; you can redistribute
-+ it and/or modify it under the terms of the GNU Library General Public License
-+ as published by the Free Software Foundation; either version 2 of the License,
-+ or (at your option) any later version.
-+
-+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-+ FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL
-+ MICHAL ZALEWSKI, OR ANY OTHER CONTRIBUTORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-+ OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-+ FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-+ IN THE SOFTWARE.
diff --git a/net/p0f/files/patch-p0f.c b/net/p0f/files/patch-p0f.c
new file mode 100644
index 000000000000..5d5c61e2f1ca
--- /dev/null
+++ b/net/p0f/files/patch-p0f.c
@@ -0,0 +1,16 @@
+--- p0f.c.orig Thu Jan 17 21:05:58 2002
++++ p0f.c Mon Jan 21 00:22:56 2002
+@@ -348,10 +348,9 @@
+ T_tstamp = 1;
+ break;
+ case 'o':
+- { FILE* x;
+- x=fopen(optarg,"a");
+- if (!x) { perror(optarg); exit(1); }
+- stdout=x;
++ if (!freopen(optarg,"a",stdout)) {
++ perror(optarg);
++ exit(1);
+ }
+ break;
+ default:
diff --git a/net/p0f/pkg-descr b/net/p0f/pkg-descr
index 10ff2af92c7e..def189dd1264 100644
--- a/net/p0f/pkg-descr
+++ b/net/p0f/pkg-descr
@@ -19,3 +19,5 @@ http://www.infoworld.com/articles/op/xml/00/05/29/000529opswatch.xml
if you do not understand how this can be harmful. Running p0f with
no options will cause it to analyse packets intended for other
hosts.
+
+WWW: http://www.stearns.org/p0f/