author | hubertf <hubertf> | 1998-03-30 08:47:37 +0000 |
---|---|---|
committer | hubertf <hubertf> | 1998-03-30 08:47:37 +0000 |
commit | 432d362dc2c2873bf9d68bde7098acea7e5b6c45 (patch) | |
tree | 64ea6835f7bbd596fcba9ead019cc9c4b8e5a776 /net | |
parent | 5c25dce17202a213048dd2df1380a02cc891cc19 (diff) | |
Network sniffer, via FreeBSD PR ports/6160.
Diffstat (limited to 'net')
-rw-r--r-- | net/sniffit/Makefile | 25 | ||||
-rw-r--r-- | net/sniffit/files/md5 | 1 | ||||
-rw-r--r-- | net/sniffit/patches/patch-aa | 216 | ||||
-rw-r--r-- | net/sniffit/patches/patch-ab | 17 | ||||
-rw-r--r-- | net/sniffit/patches/patch-ac | 24 | ||||
-rw-r--r-- | net/sniffit/patches/patch-ad | 34 | ||||
-rw-r--r-- | net/sniffit/pkg/COMMENT | 1 | ||||
-rw-r--r-- | net/sniffit/pkg/DESCR | 3 | ||||
-rw-r--r-- | net/sniffit/pkg/PLIST | 1 |
9 files changed, 322 insertions, 0 deletions
diff --git a/net/sniffit/Makefile b/net/sniffit/Makefile
new file mode 100644
index 00000000000..db2411b978d
--- /dev/null
+++ b/net/sniffit/Makefile
@@ -0,0 +1,25 @@
+# New ports collection makefile for: sniffit
+# Version required: 0.3.5
+# Date created: 28 Mar 1998
+# Whom: bsdx
+#
+# $NetBSD: Makefile,v 1.1 1998/03/30 08:47:37 hubertf Exp $
+# FreeBSD
+#
+
+DISTNAME= sniffit.0.3.5
+CATEGORIES= security
+MASTER_SITES= http://reptile.rug.ac.be/~coder/sniffit/files/
+
+MAINTAINER= packages@netbsd.org
+
+
+do-build:
+ cd ${WRKSRC} ; ./configure ; make
+
+do-install:
+ cd ${WRKSRC} ; cp sniffit ${PREFIX}/sbin/sniffit
+ chmod 555 ${PREFIX}/sbin/sniffit
+ chown bin.bin ${PREFIX}/sbin/sniffit
+
+.include <bsd.port.mk>
diff --git a/net/sniffit/files/md5 b/net/sniffit/files/md5
new file mode 100644
index 00000000000..c455648e4d7
--- /dev/null
+++ b/net/sniffit/files/md5
@@ -0,0 +1 @@
+MD5 (sniffit.0.3.5.tar.gz) = bd116c62669372d7ea7f59c337f6822a
diff --git a/net/sniffit/patches/patch-aa b/net/sniffit/patches/patch-aa
new file mode 100644
index 00000000000..59926bc6157
--- /dev/null
+++ b/net/sniffit/patches/patch-aa
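Review bot: The distfile named in net/sniffit/Makefile is fetched over plain `http://` (`MASTER_SITES`), so the single MD5 line in files/md5 is the only integrity check between the upstream tarball and the binary installed into `${PREFIX}/sbin`; MD5 no longer resists collisions, and a stronger digest should be recorded alongside it wherever the ports framework supports one. In `do-build` and `do-install` the steps are chained with `;`, which stops at a failed `cd` or `./configure` only if make runs the shell with `-e`; `cd ${WRKSRC} && ./configure && make` makes that explicit. `CATEGORIES= security` also disagrees with the package's location under net/, so one of the two probably needs adjusting.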
@@ -0,0 +1,216 @@
+*** sn_defines.h Fri Apr 18 11:33:58 1997
+--- sn_defines.h Thu Jul 24 16:02:16 1997
+***************
+*** 80,90 ****
+ #define SYN 2
+ #define FIN 1
+
+! #define NO_IP 0
+! #define NO_IP_4 1000
+! #define ICMP 1 /* Protocol Numbers */
+! #define TCP 6
+! #define UDP 17
+
+ #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */
+ #define UDP_HEADLENGTH 8 /* fixed UDP header length */
+--- 80,91 ----
+ #define SYN 2
+ #define FIN 1
+
+! #define NO_IP 0
+! #define NO_IP_4 1000
+! #define CORRUPT_IP 1001
+! #define ICMP 1 /* Protocol Numbers */
+! #define TCP 6
+! #define UDP 17
+
+ #define ICMP_HEADLENGTH 4 /* fixed ICMP header length */
+ #define UDP_HEADLENGTH 8 /* fixed UDP header length */
+*** sn_packets.c Fri Apr 18 11:33:58 1997
+--- sn_packets.c Thu Aug 22 19:18:51 1985
+***************
+*** 43,48 ****
+--- 43,49 ----
+ struct UDP_header UDPhead;
+
+ int i;
++ short int dummy; /* 2 bytes, important */
+
+ memcpy(&IPhead,(sp+PROTO_HEAD),sizeof(struct IP_header));
+ /* IP header Conversion */
+***************
+*** 51,56 ****
+--- 52,58 ----
+ unwrapped->TCP_len = 0; /* Reset structure NEEDED!!! */
+ unwrapped->UDP_len = 0;
+ unwrapped->DATA_len = 0;
++ unwrapped->FRAG_nf = 0;
+
+ if(NO_CHKSUM == 0)
+ {
+***************
+*** 75,106 ****
+ /* restore orig buffer */
+ /* general programming rule */
+ }
+ if(IPhead.protocol == TCP ) /* TCP */
+ {
+! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct TCP_header));
+! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
+! unwrapped->TCP_len >>= 10;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->TCP_len);
+ return TCP;
+ }
+ if(IPhead.protocol == ICMP ) /* ICMP */
+ {
+! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct ICMP_header));
+! unwrapped->ICMP_len = ICMP_HEADLENGTH;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->ICMP_len);
+! return ICMP;
+ }
+ if(IPhead.protocol == UDP ) /* UDP */
+ {
+! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct UDP_header));
+! unwrapped->UDP_len = UDP_HEADLENGTH;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->UDP_len);
+ return UDP;
+ }
+ return -1;
+--- 77,150 ----
+ /* restore orig buffer */
+ /* general programming rule */
+ }
++
++ #ifdef DEBUG_ONSCREEN
++ printf("IPheadlen: %d total length: %d\n", unwrapped->IP_len,
++ ntohs(IPhead.length));
++ #endif
++
++ dummy=ntohs(IPhead.flag_offset); dummy<<=3;
++ if( dummy!=0 ) /* we have offset */
++ {
++ unwrapped->FRAG_nf = 1;
++ }
++
+ if(IPhead.protocol == TCP ) /* TCP */
+ {
+! if(unwrapped->FRAG_nf == 0)
+! {
+! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<20 )
+! {return CORRUPT_IP;};
+!
+! memcpy(&TCPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct TCP_header));
+! unwrapped->TCP_len = ntohs(TCPhead.offset_flag) & 0xF000;
+! unwrapped->TCP_len >>= 10;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->TCP_len);
++ }
++ else
++ {
++ unwrapped->DATA_len = ntohs(IPhead.length) - (unwrapped->IP_len);
++ }
+ return TCP;
+ }
+ if(IPhead.protocol == ICMP ) /* ICMP */
+ {
+! if(unwrapped->FRAG_nf == 0)
+! {
+! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<4 )
+! {return CORRUPT_IP;};
+!
+! memcpy(&ICMPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct ICMP_header));
+! unwrapped->ICMP_len = ICMP_HEADLENGTH;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->ICMP_len);
+! return ICMP;
+! }
+! else
+! {
+! return -1; /* don't handle fragmented ICMP */
+! }
+ }
+ if(IPhead.protocol == UDP ) /* UDP */
+ {
+! if(unwrapped->FRAG_nf == 0)
+! {
+! if( (ntohs(IPhead.length)-(unwrapped->IP_len))<8 )
+! {return CORRUPT_IP;};
+!
+! memcpy(&UDPhead,(sp+PROTO_HEAD+(unwrapped->IP_len)),
+ sizeof(struct UDP_header));
+! unwrapped->UDP_len = UDP_HEADLENGTH;
+! unwrapped->DATA_len = ntohs(IPhead.length) -
+ (unwrapped->IP_len) - (unwrapped->UDP_len);
++ }
++ else
++ {
++ unwrapped->DATA_len = ntohs(IPhead.length)-(unwrapped->IP_len);
++ }
+ return UDP;
+ }
+ return -1;
+*** sn_packetstructs.h Fri Apr 18 11:33:58 1997
+--- sn_packetstructs.h Thu Jul 24 16:17:20 1997
+***************
+*** 44,51 ****
+ unsigned short length, checksum;
+ };
+
+! struct unwrap /* some extra info */
+ {
+ int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */
+ int DATA_len;
+ };
+--- 44,52 ----
+ unsigned short length, checksum;
+ };
+
+! struct unwrap /* some extra info */
+ {
+ int IP_len, TCP_len, ICMP_len, UDP_len; /* header lengths */
+ int DATA_len;
++ char FRAG_nf; /* not the first fragment */
+ };
+*** sniffit.0.3.5.c Fri Apr 18 11:33:58 1997
+--- sniffit.0.3.5.c Thu Aug 22 19:19:49 1985
+***************
+*** 411,421 ****
+--- 411,427 ----
+ proto=unwrap_packet(sp, info);
+ if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
+ if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
++ if(proto == CORRUPT_IP)
++ {printf("Suspicious Packet detected... (Split header)\n");
++ return DONT_EXAMINE;}
+
+ memcpy(&iphead,(sp+PROTO_HEAD),sizeof(struct IP_header));
+ so=(unsigned char *)&(iphead.source);
+ dest=(unsigned char *)&(iphead.destination);
+
++ if(info->FRAG_nf!=0)
++ {printf("Fragment Skipped...\n"); return DONT_EXAMINE; };
++
+ if((proto==TCP)&&(PROTOCOLS&F_TCP))
+ {
+ #ifdef DEBUG_ONSCREEN
+***************
+*** 1220,1225 ****
+--- 1226,1235 ----
+ proto=unwrap_packet(sp, info);
+ if(proto == NO_IP) return DONT_EXAMINE; /* no use in trying */
+ if(proto == NO_IP_4) return DONT_EXAMINE; /* no use in trying */
++ if(proto == CORRUPT_IP) return DONT_EXAMINE; /* no use in trying */
++
++ if(info->FRAG_nf!=0)
++ {return DONT_EXAMINE; };
+
+ (*IP_nr_of_packets)++;
+ if(proto==ICMP)
diff --git a/net/sniffit/patches/patch-ab b/net/sniffit/patches/patch-ab
new file mode 100644
index 00000000000..930c5a66cac
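Review bot: In the sn_packets.c part of patch-aa, the new `<20` guard bounds only the bytes left after the IP header, while `unwrapped->TCP_len` is still taken from the packet's own data-offset field and never compared with that remainder, so `DATA_len` can come out negative and `TCP_len` can be smaller than a real TCP header. A check after the shift such as `if (unwrapped->TCP_len < 20 || unwrapped->TCP_len > ntohs(IPhead.length) - unwrapped->IP_len) return CORRUPT_IP;` would close that, and the two fragment branches need an equivalent `ntohs(IPhead.length) < unwrapped->IP_len` test before subtracting, unless that is already enforced above the quoted context. All of these guards compare against the length the IP header claims rather than the number of bytes actually captured, which is not visible here, so the `memcpy` calls deserve a bound against the capture length as well. Separately, the fragment test depends on `dummy<<=3` truncating in a signed 16-bit `short`; `if (ntohs(IPhead.flag_offset) & 0x1FFF)` expresses the same test without relying on that. The enclosing function begins and ends outside the quoted context.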
--- /dev/null
+++ b/net/sniffit/patches/patch-ab
@@ -0,0 +1,17 @@
+--- configure.BAK Mon Mar 30 09:33:48 1998
++++ configure Mon Mar 30 09:33:55 1998
+@@ -1304,6 +1304,14 @@
+ OS_OPT=
+
+ ;;
++netbsd*)
++ cat >> confdefs.h <<\EOF
++#define NETBSD 1
++EOF
++
++ OS_OPT=
++
++ ;;
+ *)
+ echo "NOT A SUPPORTED SYSTEM / OR SYSTEM NOT RECOGNISED"
+ echo "Contact <Coder@reptile.rug.ac.be> if you feel it might be a bug."
diff --git a/net/sniffit/patches/patch-ac b/net/sniffit/patches/patch-ac
new file mode 100644
index 00000000000..9b7fe535f90
--- /dev/null
+++ b/net/sniffit/patches/patch-ac
@@ -0,0 +1,24 @@
+--- sn_data.h.BAK Mon Mar 30 09:33:53 1998
++++ sn_data.h Mon Mar 30 09:33:57 1998
+@@ -25,6 +25,21 @@
+ char *ETH_DEV[]={"ed"};
+ #endif
+
++#ifdef NETBSD
++#ifdef i386
++#define ETH_DEV_NR 20
++char *ETH_DEV[]={"ai","de","ec","ef","eg","el","en","ep","fe","fea","fpa","fxp","ix","iy","lc","le","ne","sm","tl","we"};
++#elif defined(sparc)
++#define ETH_DEV_NR 2
++char *ETH_DEV[]={"le","ie"};
++#elif defined(amiga)
++#define ETH_DEV_NR 5
++char *ETH_DEV[]={"bah","ed","es","le","qn"};
++#else
++#error Unknown network devices for this NetBSD architecture.
++#endif
++#endif
++
+ #ifdef BSDI
+ #define ETH_DEV_NR 1
+ char *ETH_DEV[]={"ef"};
diff --git a/net/sniffit/patches/patch-ad b/net/sniffit/patches/patch-ad
new file mode 100644
index 00000000000..d9ebc35a368
--- /dev/null
+++ b/net/sniffit/patches/patch-ad
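Review bot: In the sn_data.h patch (patch-ac), each `ETH_DEV_NR` is a hand-counted copy of the length of the `ETH_DEV[]` initializer next to it; the three values (20, 2 and 5) match their lists today, but nothing keeps them in step, and if the constant is used as the bound when walking the array (that code is not shown) a later edit to one list would read past its end. A comment on the block such as `/* ETH_DEV_NR must equal the number of entries in ETH_DEV[] */` would document the coupling. The branch also keys on the bare macros `i386`, `sparc` and `amiga`, which compilers do not define in strict ISO modes, so such a build would fall through to the `#error`; also testing the double-underscore forms (e.g. `__i386__`, `__sparc__`) would avoid that.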
@@ -0,0 +1,34 @@
+--- Makefile.in.BAK Mon Mar 30 09:38:19 1998
++++ Makefile.in Mon Mar 30 09:38:50 1998
+@@ -11,9 +11,9 @@
+ DEFS = @DEFS@
+ OS_OPT = @OS_OPT@
+ OBJ_FLAG = -w -O2 -c
+-OBJ_OPT = -I./libpcap-0.3 -L./libpcap-0.3
++OBJ_OPT =
+ EXE_FLAG = -w -O2 -o sniffit
+-EXE_OPT = -I./libpcap-0.3 -L./libpcap-0.3 -lpcap
++EXE_OPT = -lpcap
+ EXE_OBJ = sn_packets.o sn_generation.o sn_interface.o sn_cfgfile.o \
+ sn_logfile.o
+ DEP_FILES = sn_config.h pcap.h sn_data.h sn_defines.h sn_plugins.h \
+@@ -21,7 +21,6 @@
+ sn_generation.o sn_interface.o sn_cfgfile.o sn_logfile.o
+
+ sniffit: $(SNIFFIT) $(DEP_FILES)
+- cd libpcap-0.3; make; cd ..
+ $(CC) $(EXE_FLAG) $(SNIFFIT) $(EXE_OBJ) $(EXE_OPT) $(LIBS) $(DEFS) $(OS_OPT)
+ strip sniffit
+
+@@ -44,11 +43,7 @@
+
+ #Clean up everthing...
+ clean:
+- cd libpcap-0.3; make clean; rm -f config.cache; cd ..
+ rm -f config.cache
+ rm -f config.status
+ rm -f config.log
+- rm -f ./libpcap-0.3/config.cache
+- rm -f ./libpcap-0.3/config.status
+- rm -f ./libpcap-0.3/config.log
+ rm -f *.o sniffit
diff --git a/net/sniffit/pkg/COMMENT b/net/sniffit/pkg/COMMENT
new file mode 100644
index 00000000000..767b1a81ae5
--- /dev/null
+++ b/net/sniffit/pkg/COMMENT
@@ -0,0 +1 @@
+A packet sniffer program.
diff --git a/net/sniffit/pkg/DESCR b/net/sniffit/pkg/DESCR
new file mode 100644
index 00000000000..4074b701ca8
--- /dev/null
+++ b/net/sniffit/pkg/DESCR
@@ -0,0 +1,3 @@
+Sniffit is a packet sniffer for TCP/UDP/ICMP packets. Sniffit is able to
+give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...)
+but also packet contence in different formats (hex or plain text, ...)
diff --git a/net/sniffit/pkg/PLIST b/net/sniffit/pkg/PLIST
new file mode 100644
index 00000000000..e99e9bbb447
--- /dev/null
+++ b/net/sniffit/pkg/PLIST
@@ -0,0 +1 @@
+sbin/sniffit |