diff --git a/.cvsignore b/.cvsignore
index e69de29..cbe9db3 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -0,0 +1,2 @@
+netsniff-ng-0.5.3.tar.gz
+netsniff-ng-0.5.5.0.tar.gz
diff --git a/check_packets.patch b/check_packets.patch
new file mode 100644
index 0000000..6246a7f
--- /dev/null
+++ b/check_packets.patch
@@ -0,0 +1,50 @@
+--- netsniff-ng_0.5.3/src/Makefile 2009-12-07 12:28:47.000000000 +0000
++++ netsniff-ng_0.5.3/src/Makefile.1 2010-02-23 16:03:07.535880239 +0000
+@@ -7,42 +7,29 @@
+ INCLUDE = -Iinclude
+ CFLAGS = -Wall -O2
+
+-NAME_NETSNIFF = netsniff-ng
+-OBJECTS_NETSNIFF = netsniff-ng.o
+-
+ NAME_CHECKP = check_packets
+ OBJECTS_CHECKP = check_packets.o
+
+ BINDIR = usr/bin
+-ETCDIR = etc
+-MANDIR = usr/share/man/man8
+-MANDIR_LOCAL = doc
++#ETCDIR = etc
++#MANDIR = usr/share/man/man8
++#MANDIR_LOCAL = doc
+
+-all: check_packets netsniff-ng
++all: check_packets
+
+ check_packets: $(OBJECTS_CHECKP)
+ $(CC) -o $(NAME_CHECKP) $(OBJECTS_CHECKP) $(LIBS)
+
+-netsniff-ng: $(OBJECTS_NETSNIFF)
+- $(CC) -o $(NAME_NETSNIFF) $(OBJECTS_NETSNIFF) $(LIBS)
+
+ %.o: %.c
+ $(CC) -c $(CFLAGS) $(INCLUDE) $<
+
+ install:
+- install -D $(NAME_NETSNIFF) $(DESTDIR)/$(BINDIR)/$(NAME_NETSNIFF)
+ install -D $(NAME_CHECKP) $(DESTDIR)/$(BINDIR)/$(NAME_CHECKP)
+- install -d $(DESTDIR)/$(ETCDIR)/$(NAME_NETSNIFF)
+- cp -r rules/ $(DESTDIR)/$(ETCDIR)/$(NAME_NETSNIFF)
+- cat $(MANDIR_LOCAL)/$(NAME_NETSNIFF).8 | gzip > $(MANDIR_LOCAL)/$(NAME_NETSNIFF).8.gz
+- install -D $(MANDIR_LOCAL)/$(NAME_NETSNIFF).8.gz $(DESTDIR)/$(MANDIR)/$(NAME_NETSNIFF).8.gz
+
+ clean:
+- rm *.o $(NAME_NETSNIFF) $(NAME_CHECKP) $(MANDIR_LOCAL)/$(NAME_NETSNIFF).8.gz || true
++ rm *.o $(NAME_CHECKP) || true
+
+ uninstall:
+- rm $(DESTDIR)/$(BINDIR)/$(NAME_NETSNIFF) || true
+ rm $(DESTDIR)/$(BINDIR)/$(NAME_CHECKP) || true
+- rm -rf $(DESTDIR)/$(ETCDIR)/$(NAME_NETSNIFF) || true
+- rm $(DESTDIR)/$(MANDIR)/$(NAME_NETSNIFF).8.gz || true
+
diff --git a/import.log b/import.log
new file mode 100644
index 0000000..bcb6bfe
--- /dev/null
+++ b/import.log
@@ -0,0 +1 @@
+netsniff-ng-0_5_5_0-0_4_211svn_fc12:HEAD:netsniff-ng-0.5.5.0-0.4.211svn.fc12.src.rpm:1267610939
diff --git a/netsniff-ng-help_text.patch b/netsniff-ng-help_text.patch
new file mode 100644
index 0000000..55b1885
--- /dev/null
+++ b/netsniff-ng-help_text.patch
@@ -0,0 +1,49 @@
+--- netsniff-ng_0.5.5.0/src/lib/misc.c 2010-02-02 11:14:07.959293167 +0000
++++ netsniff-ng_0.5.5.0/src/lib/misc.c.1 2010-02-16 09:03:47.175522785 +0000
+@@ -59,23 +59,23 @@
+ printf("\n");
+ printf("Options for net dev:\n");
+ printf(" -d|--dev use device for capturing packets, e.g. `eth0`\n");
+- printf(" -m|--mtu temporarily adjust MTU of NIC\n");
++ printf("* -m|--mtu temporarily adjust MTU of NIC\n");
+ printf("\n");
+ printf("Options for packet dumping/replaying:\n");
+- printf(" -p|--dump dump all matching packets in a pcap file\n");
++ printf("* -p|--dump dump all matching packets in a pcap file\n");
+ printf(" for a better performance, combine with -s|--silent\n");
+- printf(" -r|--replay replay all packets from a pcap dump file\n");
+- printf(" -q|--quit-after quit dump/replay after pckts / MB\n");
++ printf("* -r|--replay replay all packets from a pcap dump file\n");
++ printf("* -q|--quit-after quit dump/replay after pckts / MB\n");
+ printf("\n");
+ printf("Options for packet filtering:\n");
+ printf(" -f|--filter use file as packet filter\n");
+- printf(" -t|--type only show packets of type (this is non-BPF -> slower)\n");
++ printf("* -t|--type only show packets of type (this is non-BPF -> slower)\n");
+ printf(" `host` - to us\n");
+ printf(" `broadcast` - to all\n");
+ printf(" `multicast` - to group\n");
+ printf(" `others` - to others\n");
+ printf(" `outgoing` - from us\n");
+- printf(" -g|--generate generate packet filter code according to \n");
++ printf("* -g|--generate generate packet filter code according to \n");
+ printf("\n");
+ printf("Options for system scheduler/process:\n");
+ printf(" -b|--bind-cpu bind process to specific CPU/CPU-range\n");
+@@ -84,7 +84,7 @@
+ printf(" -n|--non-block non-blocking packet capturing mode\n");
+ printf("\n");
+ printf("Options for packet printing:\n");
+- printf(" -N|--no-color do not colorize captured packet output\n");
++ printf("* -N|--no-color do not colorize captured packet
output\n");
+ printf(" -s|--silent do not print captured packets (silent mode)\n");
+ printf("\n");
+ printf("Options for system daemon:\n");
+@@ -97,6 +97,7 @@
+ printf(" -v|--version prints out version\n");
+ printf(" -h|--help prints out this help\n");
+ printf("\n");
++ printf("* = Not yet implemented");
+ printf("Note:\n");
+ printf(" - Sending a SIGUSR1 will show current packet statistics\n");
+ printf(" - Sending a SIGUSR2 will toggle silent and packet printing mode\n");
diff --git a/netsniff-ng-uds_server.patch b/netsniff-ng-uds_server.patch
new file mode 100644
index 0000000..459f836
--- /dev/null
+++ b/netsniff-ng-uds_server.patch
@@ -0,0 +1,14 @@
+--- netsniff-ng_0.5.5.0/src/netsniff-ng.c 2010-02-02 11:14:07.157284078 +0000
++++ netsniff-ng_0.5.5.0/src/netsniff-ng.c.1 2010-02-14 17:51:39.572993396 +0000
+@@ -218,10 +218,7 @@
+ local.sun_family = AF_UNIX;
+ strncpy(local.sun_path, sockfile, sizeof(local.sun_path));
+
+- if (unlink(local.sun_path) != 0) {
+- perr("cannot unlink %s\n", local.sun_path);
+- pthread_exit(0);
+- }
++ unlink(local.sun_path); /* Don't care if this fails */
+
+ info("bind socket to %s\n", local.sun_path);
+
diff --git a/netsniff-ng.init b/netsniff-ng.init
new file mode 100644
index 0000000..3ad814a
--- /dev/null
+++ b/netsniff-ng.init
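Review bot: The added `printf("* = Not yet implemented");` in the last inner hunk of netsniff-ng-help_text.patch has no trailing newline, so the legend and the `Note:` heading that follows are printed on the same line. It should read `printf("* = Not yet implemented\n");`, and a following `printf("\n");` would keep the blank-line separation the other sections of the help text use. The function that prints the help text starts and ends outside the patch context shown here.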
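Review bot: The replacement `unlink(local.sun_path); /* Don't care if this fails */` in netsniff-ng-uds_server.patch discards every failure, not only the expected one where no stale socket file exists. An error such as EACCES or EPERM is then reported only indirectly, as a later bind() failure with a less useful message; keeping the original error branch but changing its condition to `if (unlink(local.sun_path) != 0 && errno != ENOENT) {` tolerates the missing file and still reports the rest (this assumes `<errno.h>` is already included, which the hunk does not show). The context line `strncpy(local.sun_path, sockfile, sizeof(local.sun_path));` can also leave `sun_path` without a terminating NUL when `sockfile` is at least as long as the buffer, so an over-long path should be rejected before the copy. The enclosing function begins and ends outside the hunk.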
@@ -0,0 +1,111 @@
+#! /bin/bash
+#
+# netsniff-ng High performance network sniffer for packet inspection
+#
+# chkconfig: - 90 10
+# description: High performance network sniffer for packet inspection
+# processname: netsniff-ng
+
+### BEGIN INIT INFO
+# Provides: netsniff-ng
+# Required-Start: $local_fs $network
+# Required-Stop: $local_fs $network
+# Should-Start:
+# Should-Stop:
+# Default-Start:
+# Default-Stop: 0 1 2 3 4 5 6
+# Short-Description: High performance network sniffer for packet inspection
+# Description: High performance network sniffer for packet inspection
+### END INIT INFO
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+exec=/usr/sbin/netsniff-ng
+prog=netsniff-ng
+config=/etc/sysconfig/$prog
+
+pidfile=/var/run/$prog.pid
+logfile=/var/log/$prog.log
+socket=/tmp/$prog.uds
+
+# use /etc/sysconfig/netsniff-ng to override these options
+interface="${interface:-"eth0"}"
+opts="${opts:-"-P $pidfile -L $logfile -S $socket"}"
+
+[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
+
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon $exec -d $interface -D $opts
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ restart
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+case "$1" in
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
+ ;;
+ restart)
+ $1
+ ;;
+ reload)
+ rh_status_q || exit 7
+ $1
+ ;;
+ force-reload)
+ force_reload
+ ;;
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
+esac
+exit $?
diff --git a/netsniff-ng.spec b/netsniff-ng.spec
new file mode 100644
index 0000000..2ada2be
--- /dev/null
+++ b/netsniff-ng.spec
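Review bot: The default `socket=/tmp/$prog.uds` places the daemon's Unix socket at a predictable name in a world-writable directory, so whenever the service is not running any local account can own that path and a client reading the socket (the spec ships check_packets for this) has no assurance of who is on the other end. A root-owned location next to the pid file, `socket=/var/run/$prog.uds`, avoids this; the same default is repeated in the comments of netsniff-ng.syscfg. Related to that, `/etc/sysconfig/$prog` is sourced after `opts` has already been expanded, so an administrator who sets only `socket=`, `pidfile=` or `logfile=` there changes nothing. Moving `[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog` to just before the `interface=` line lets those overrides reach the `opts` default.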
@@ -0,0 +1,158 @@
+Name: netsniff-ng
+Version: 0.5.5.0
+Release: 0.4.211svn%{?dist}
+Summary: A high performance network sniffer for packet inspection
+Group: Applications/Internet
+License: GPLv2+
+URL: http://code.google.com/p/netsniff-ng/
+# We cannot get the source directly, due to bugs on 0.5.4.x, but later
+# revisions than 211 break the UDS functionality, and the replacement
+# is not yet complete. When the replacement, which will be a netlink
+# multicast group, is stable, this workaround will be removed.
+#
+# svn export -r 211 http://netsniff-ng.googlecode.com/svn/trunk/ netsniff-ng_0.5.5.0
+# tar -czvf netsniff-ng-0.5.5.0.tar.gz netsniff-ng_0.5.5.0
+Source0: netsniff-ng-%{version}.tar.gz
+Source1: netsniff-ng.init
+Source2: netsniff-ng.syscfg
+# To read from the UDS socket, a client app is needed which is not provided
+# So we grab the client app, check_packets, from an older source
+# Something about this particular URL upsets rpmlint, but it is valid.
+Source3: http://netsniff-ng.googlecode.com/files/%{name}-0.5.3.tar.gz
+Patch0: netsniff-ng-uds_server.patch
+Patch1: netsniff-ng-help_text.patch
+Patch2: check_packets.patch
+BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
+Requires(post): chkconfig
+Requires(preun): chkconfig
+Requires(preun): initscripts
+
+%description
+netsniff-ng is a high performance linux network sniffer for packet
+inspection. Basically, it is similar to tcpdump, but it doesn't need one
+syscall per packet. Instead, it uses an memory mapped area within kernelspace
+for accessing packets without copying them to userspace (zero-copy mechanism).
+
+This tool is useful for debugging your network, measuring performance
+throughput or creating network statistics of incoming packets on central
+network nodes like routers or firewalls.
+
+By providing an unix domain socket client, you're able to integrate your
+statistics into the nagios framework.
+
+%prep
+%setup -q -n %{name}_%{version}
+
+mkdir check_packets
+tar -C check_packets -xzf %{SOURCE3}
+
+%patch0 -p1
+%patch1 -p1
+
+pushd check_packets
+%patch2 -p1
+popd
+
+%build
+#Main app
+pushd src
+make %{?_smp_mflags} \
+ CC="%{__cc}" \
+ CFLAGS="%{optflags} -Wno-format" \
+ BINDIR="%{_sbindir}" \
+ ETCDIR="%{_sysconfdir}" \
+ MANDIR="%{_mandir}/man8"
+popd
+
+#check_packets client
+pushd check_packets/src
+#Remove the prebuilt binaries
+rm -f check_packets check_packets.o
+make %{?_smp_mflags}
+popd
+
+%install
+rm -rf $RPM_BUILD_ROOT
+#Main app
+pushd src
+make DESTDIR="$RPM_BUILD_ROOT" install \
+ CC="%{__cc}" \
+ CFLAGS="%{optflags}" \
+ BINDIR="%{_sbindir}" \
+ ETCDIR="%{_sysconfdir}" \
+ MANDIR="%{_mandir}/man8"
+install -D -m 0755 %{SOURCE1} $RPM_BUILD_ROOT%{_initrddir}/%{name}
+install -D -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/%{name}
+chmod 0644 $RPM_BUILD_ROOT/%{_mandir}/man8/%{name}.8*
+popd
+
+#check_packets client
+pushd check_packets/src
+make install DESTDIR=$RPM_BUILD_ROOT
+popd
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%post
+/sbin/chkconfig --add %{name}
+
+%preun
+if [ $1 = 0 ] ; then
+ /sbin/service %{name} stop >/dev/null 2>&1
+ /sbin/chkconfig --del %{name}
+fi
+
+%files
+%defattr(-, root, root, -)
+%doc AUTHORS Changelog COPYING CREDITS README TODO
+%doc examples
+%{_sbindir}/%{name}
+%{_bindir}/check_packets
+%dir %{_sysconfdir}/%{name}
+%dir %{_sysconfdir}/%{name}/rules
+%{_initrddir}/%{name}
+%config(noreplace) %{_sysconfdir}/sysconfig/%{name}
+%config(noreplace) %{_sysconfdir}/%{name}/rules/*.bpf
+%{_mandir}/man8/%{name}.8*
+
+%changelog
+* Tue Feb 23 2010 James Findley - 0.5.5.0-0.4.211svn
+- Improved the way sources are provided
+- Used the upstream copy of 0.5.3 for check_packets, with a patch
+
+* Wed Feb 17 2010 James Findley - 0.5.5.0-0.3.211svn
+- Added the check_packets client app:
+ - This makes the unix domain socket actually useful
+ - This is taken from the 0.5.3 sources, but with a modified makefile
+
+* Sun Feb 14 2010 James Findley - 0.5.5.0-0.2.211svn
+- Patched the UDS server
+- Patched the help text to correctly mark features not yet implemented
+- Added BuildRequires and Requires
+
+* Wed Jan 27 2010 James Findley - 0.5.5.0-0.1.211svn
+- Prerelease of 0.5.0
+- Should now work properly on older (e.g. RHEL 5.x) OSes
+- Many new features added
+
+* Fri Jan 08 2010 James Findley - 0.5.4.1-5
+- Added -Wno-format to hide spurious gcc warnings on AMD64
+
+* Thu Jan 07 2010 James Findley - 0.5.4.1-4
+- Fixed a few typos in the spec
+- Zero padded changelog dates
+
+* Thu Jan 07 2010 James Findley - 0.5.4.1-3
+- Fixed a few more spec errors
+
+* Thu Jan 07 2010 James Findley - 0.5.4.1-2
+- Adapted for Fedora packaging policy
+- Added an initscript
+
+* Wed Jan 06 2010 James Findley - 0.5.4.1-1
+- Updated to latest stable upstream
+
+* Mon Nov 27 2009 James Findley - 0.5.2-1
+- Initial Release
+
diff --git a/netsniff-ng.syscfg b/netsniff-ng.syscfg
new file mode 100644
index 0000000..5526810
--- /dev/null
+++ b/netsniff-ng.syscfg
@@ -0,0 +1,9 @@
+# Config file for netsniff-ng, used to override and add options
+#
+# pidfile=/var/run/$prog.pid
+# logfile=/var/log/$prog.log
+# socket=/tmp/$prog.uds
+
+# interface="eth0"
+# opts="-P $pidfile -L $logfile -S $socket"
+
diff --git a/sources b/sources
index e69de29..ed24fed 100644
--- a/sources
+++ b/sources
@@ -0,0 +1,2 @@
+c89567d9976357fe6bb76f9e3f961367 netsniff-ng-0.5.3.tar.gz
+d379500ec4cd72457ad3835215fcf3d2 netsniff-ng-0.5.5.0.tar.gz
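Review bot: In `%build` the check_packets client is compiled with a bare `make %{?_smp_mflags}`, so it is built with the `CFLAGS = -Wall -O2` from its own Makefile (visible in check_packets.patch) instead of the distribution flags the main binary receives. Passing them the same way as the main build, `make %{?_smp_mflags} CC="%{__cc}" CFLAGS="%{optflags}"`, gives the client whatever hardening options `%{optflags}` carries on the build host. Separately, `-Wno-format` on the main build silences format-string diagnostics in a tool that prints captured network data. A comment beside it, such as `# -Wno-format: printf width warnings on x86_64 only, reviewed <date>`, would record why it is there and when it can be dropped.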