The tool is a simple flow-analyzing passive L7 fingerprinter. It

examines the sequence of client-server exchanges, their relative
layer 7 payload sizes, and transmission intervals (as opposed to
inspecting the contents, which is what most passive fingerprinters
and "smart" sniffers would do to analyze transmissions). This is
then matched against a database of traffic pattern signatures to
infer some interesting facts about the traffic.

PR:		ports/106351
Submitted by:	trasz <trasz at pin.if.uz.zgora.pl>

6 files changed, 65 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 1031101eeb32..14050f613566 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -118,6 +118,7 @@
     SUBDIR += find-zlib
     SUBDIR += find_ddos
     SUBDIR += firewalk
+    SUBDIR += fl0p
     SUBDIR += flawfinder
     SUBDIR += fpc-hash
     SUBDIR += fpm
diff --git a/security/fl0p/Makefile b/security/fl0p/Makefile
new file mode 100644
index 000000000000..385e0cf86adc
--- /dev/null
+++ b/security/fl0p/Makefile
@@ -0,0 +1,35 @@
+# New ports collection makefile for:	fl0p
+# Date created:		2006-12-04
+# Whom:			trasz <trasz@pin.if.uz.zgora.pl>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	fl0p
+PORTVERSION=	0.0.2.b
+CATEGORIES=	security
+MASTER_SITES=	http://lcamtuf.coredump.cx/soft/
+DISTNAME=	fl0p-devel
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	trasz@pin.if.uz.zgora.pl
+COMMENT=	Passive L7 flow fingerprinting tool
+
+WRKSRC=		${WRKDIR}/fl0p/
+
+post-patch:
+	${REINPLACE_CMD} -e 's|%%PREFIX%%|${PREFIX}|' ${WRKSRC}/config.h
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/fl0p ${PREFIX}/bin
+	${MKDIR} ${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/fl0p.fp ${DATADIR}/
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+	${INSTALL_MAN} ${WRKSRC}/doc/README ${DOCSDIR}/
+	${INSTALL_MAN} ${WRKSRC}/doc/ChangeLog ${DOCSDIR}/
+	${INSTALL_MAN} ${WRKSRC}/doc/TODO ${DOCSDIR}/
+	${INSTALL_MAN} ${WRKSRC}/doc/CREDITS ${DOCSDIR}/
+.endif
+
+.include <bsd.port.mk>
diff --git a/security/fl0p/distinfo b/security/fl0p/distinfo
new file mode 100644
index 000000000000..f1775c128c55
--- /dev/null
+++ b/security/fl0p/distinfo
@@ -0,0 +1,3 @@
+MD5 (fl0p-devel.tgz) = 2f5fe95ef695eb2ff566ca2aa403b945
+SHA256 (fl0p-devel.tgz) = a6ccc98cfad2330b7baf0827c44657e35cb6c387ab1e55e4b3f8bb762b4161bc
+SIZE (fl0p-devel.tgz) = 30297
diff --git a/security/fl0p/files/patch-config.h b/security/fl0p/files/patch-config.h
new file mode 100644
index 000000000000..35ba3f8cfd5c
--- /dev/null
+++ b/security/fl0p/files/patch-config.h
@@ -0,0 +1,11 @@
+--- config.h.orig	Mon Dec  4 22:49:35 2006
++++ config.h	Mon Dec  4 22:50:40 2006
+@@ -19,7 +19,7 @@
+ #ifdef WIN32
+ #  define CONFIG_DIR	"."
+ #else
+-#  define CONFIG_DIR	"/etc/fl0p"
++#  define CONFIG_DIR	"%%PREFIX%%/share/fl0p"
+ #endif /* WIN32 */
+ 
+ #define FPRINT_DB	"fl0p.fp"
diff --git a/security/fl0p/pkg-descr b/security/fl0p/pkg-descr
new file mode 100644
index 000000000000..a6314b93992a
--- /dev/null
+++ b/security/fl0p/pkg-descr
@@ -0,0 +1,7 @@
+The tool is a simple flow-analyzing passive L7 fingerprinter. It
+examines the sequence of client-server exchanges, their relative
+layer 7 payload sizes, and transmission intervals (as opposed to
+inspecting the contents, which is what most passive fingerprinters
+and "smart" sniffers would do to analyze transmissions). This is
+then matched against a database of traffic pattern signatures to
+infer some interesting facts about the traffic.
diff --git a/security/fl0p/pkg-plist b/security/fl0p/pkg-plist
new file mode 100644
index 000000000000..e4a89e589159
--- /dev/null
+++ b/security/fl0p/pkg-plist
@@ -0,0 +1,8 @@
+bin/fl0p
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/ChangeLog
+%%PORTDOCS%%%%DOCSDIR%%/TODO
+%%PORTDOCS%%%%DOCSDIR%%/CREDITS
+%%PORTDOCS%%@dirrm %%DOCSDIR%%
+%%DATADIR%%/fl0p.fp
+@dirrm %%DATADIR%%