# HG changeset patch # User Michael Schloh von Bennewitz # Date 1349375405 -7200 # Node ID c10fb90893b9216a8ed17b2e158a43a76ab196de # Parent 119553d296d29ddc8824b29cc3a0ed53d39a02db Correct out of date build configuration, porting to Solaris 11 network link infrastructure and new libpcap logic. This additionally allows for device drivers in subdirectories of /dev. Correct packaged nmap personalities and signatures to work out of the box. Finally, hack arpd logic to properly close sockets and quit on TERM by repeating signaling in the run command script. Sadly, all this fails to correct the run time behaviour of honeyd which fails to bind to the IP layer. diff -r 119553d296d2 -r c10fb90893b9 arpd/arpd.patch --- a/arpd/arpd.patch Thu Oct 04 20:26:02 2012 +0200 +++ b/arpd/arpd.patch Thu Oct 04 20:30:05 2012 +0200 @@ -1,5 +1,15 @@ +Index: arpd.c --- arpd.c.dist 2003-07-02 16:49:31.000000000 +0200 +++ arpd.c 2003-07-02 16:53:25.000000000 +0200 +@@ -33,7 +33,7 @@ + #define ARPD_MAX_ACTIVE 600 + #define ARPD_MAX_INACTIVE 300 + +-#define PIDFILE "/var/run/arpd.pid" ++#define PIDFILE "/opsw/var/arpd/arpd.pid" + + struct arp_req { + struct addr pa; @@ -111,9 +111,11 @@ struct in_addr in; ip_addr_t istart, iend; 
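Review bot: The new `PIDFILE` value in the `@@ -33,7 +33,7 @@` part of arpd.patch hard-codes the `/opsw` prefix, while the rest of the package takes its location from `@l_prefix@` / `%{l_prefix}`. A build under a different prefix would still write the pid file to `/opsw/var/arpd/`, and the stop logic in rc.arpd, which removes `$arpd_pidfile`, would presumably look at a different path. Consider making the define overridable with `#ifndef PIDFILE` / `#define PIDFILE "/opsw/var/arpd/arpd.pid"` / `#endif`, and passing the real path from the spec at build time.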
@@ -14,7 +24,43 @@ if (second == NULL) errx(1, "%s: Invalid network range: %s", __func__, p); -@@ -267,7 +267,7 @@ +@@ -185,7 +187,7 @@ + arpd_init(char *dev, int naddresses, char **addresses) + { + struct bpf_program fcode; +- char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst; ++ char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst, *iface; + intf_t *intf; + + dst = arpd_expandips(naddresses, addresses); +@@ -203,7 +205,16 @@ + errx(1, "pcap_lookupdev: %s", ebuf); + } + arpd_ifent.intf_len = sizeof(arpd_ifent); +- strncpy(arpd_ifent.intf_name, dev, sizeof(arpd_ifent.intf_name) - 1); ++ ++ /* mitigate slash paths in OS that provide */ ++ /* network devices in subdirectories of /dev */ ++ iface = strrchr(dev, '/'); ++ if (iface) ++ iface += sizeof(char); ++ else ++ iface = dev; ++ ++ strncpy(arpd_ifent.intf_name, iface, sizeof(arpd_ifent.intf_name) - 1); + arpd_ifent.intf_name[sizeof(arpd_ifent.intf_name) - 1] = '\0'; + + if (intf_get(intf, &arpd_ifent) < 0) +@@ -218,7 +229,7 @@ + dst ? "and (" : "", dst ? dst : "", dst ? ")" : "", + addr_ntoa(&arpd_ifent.intf_link_addr)); + +- if ((arpd_pcap = pcap_open_live(dev, 128, 0, 500, ebuf)) == NULL) ++ if ((arpd_pcap = pcap_open_live(iface, 128, 0, 500, ebuf)) == NULL) + errx(1, "pcap_open_live: %s", ebuf); + + if (pcap_compile(arpd_pcap, &fcode, filter, 1, 0) < 0 || +@@ -265,7 +276,7 @@ spa->addr_ip, tha->addr_eth, tpa->addr_ip); if (op == ARP_OP_REQUEST) { @@ -23,7 +69,7 @@ addr_ntoa(tpa), addr_ntoa(spa)); } else if (op == ARP_OP_REPLY) { syslog(LOG_INFO, "arp reply %s is-at %s", -@@ -284,7 +284,7 @@ +@@ -282,7 +293,7 @@ int error; if (addr_cmp(addr, &arpd_ifent.intf_addr) == 0) { @@ -32,7 +78,7 @@ addr_ntoa(addr), addr_ntoa(&arpd_ifent.intf_link_addr)); return (0); } -@@ -293,10 +293,10 @@ +@@ -291,10 +302,10 @@ error = arp_get(arpd_arp, &arpent); if (error == -1) { 
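Review bot: In arpd_init the name taken after the last '/' is used without validation. A `dev` ending in '/' yields an empty `iface`. A name longer than `arpd_ifent.intf_name` is silently truncated by `strncpy` for `intf_get()` while `pcap_open_live()` receives the untruncated string, so the lookup and the capture can address different devices. Rejecting both cases right after the `strrchr` block avoids this: `if (*iface == '\0' || strlen(iface) >= sizeof(arpd_ifent.intf_name)) errx(1, "invalid interface name: %s", dev);`. As a style point, `iface += sizeof(char);` reads more plainly as `iface++;`; arpd_init starts and ends outside the hunk.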
@@ -45,7 +91,7 @@ addr_ntoa(addr), addr_ntoa(&arpent.arp_ha)); } return (error); -@@ -425,7 +425,7 @@ +@@ -423,7 +434,7 @@ if ((req = SPLAY_FIND(tree, &arpd_reqs, &tmp)) != NULL) { addr_pack(&src.arp_ha, ADDR_TYPE_ETH, ETH_ADDR_BITS, ethip->ar_sha, ETH_ADDR_LEN); @@ -54,3 +100,29 @@ addr_ntoa(&req->pa), addr_ntoa(&src.arp_ha)); /* This address is claimed */ +@@ -445,9 +456,6 @@ + void + terminate_handler(int sig) + { +- extern int event_gotsig; +- +- event_gotsig = 1; + arpd_sig = sig; + } + +@@ -464,7 +472,6 @@ + main(int argc, char *argv[]) + { + struct event recv_ev; +- extern int (*event_sigcb)(void); + char *dev; + int c, debug; + FILE *fp; +@@ -524,7 +531,6 @@ + perror("signal"); + return (-1); + } +- event_sigcb = arpd_signal; + + event_dispatch(); + diff -r 119553d296d2 -r c10fb90893b9 arpd/arpd.spec --- a/arpd/arpd.spec Thu Oct 04 20:26:02 2012 +0200 +++ b/arpd/arpd.spec Thu Oct 04 20:30:05 2012 +0200 @@ -32,7 +32,7 @@ Group: Mapping License: GNU Version: 0.2 -Release: 20080101 +Release: 20120800 # package options %option with_fsl yes @@ -44,16 +44,12 @@ Patch0: arpd.patch # build information -Prefix: %{l_prefix} -BuildRoot: %{l_buildroot} -BuildPreReq: OpenPKG, openpkg >= 20060823, libdnet, libpcap, libevent, gcc, make -PreReq: OpenPKG, openpkg >= 20060823, libdnet, libpcap, libevent +BuildPreReq: OpenPKG, openpkg >= 20100101, libdnet, libpcap, libevent, gcc, make +PreReq: OpenPKG, openpkg >= 20100101, libdnet, libpcap, libevent %if "%{with_fsl}" == "yes" BuildPreReq: fsl PreReq: fsl %endif -AutoReq: no -AutoReqProv: no %description Arpd is an Address Resolution Protocol (ARP) daemon which replies to @@ -98,8 +94,6 @@ %{l_make} %{l_mflags} %install - rm -rf $RPM_BUILD_ROOT - # create directories %{l_shtool} mkdir -f -p -m 755 \ $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \ @@ -125,7 +119,6 @@ %files -f files %clean - rm -rf $RPM_BUILD_ROOT %pre # before upgrade, save status and stop service diff -r 119553d296d2 -r c10fb90893b9 arpd/rc.arpd 
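Review bot: After the `@@ -445,9 +456,6 @@` change, terminate_handler only stores the signal number in `arpd_sig`, and with `event_gotsig` and `event_sigcb = arpd_signal` removed nothing in the visible lines makes `event_dispatch()` return or run cleanup when TERM arrives. Shutdown then seems to depend on a later wakeup of the loop, which matches the commit message's workaround of signalling twice from rc.arpd. If the libevent in use provides the signal-event interface, a new `struct event term_ev` registered with `signal_set(&term_ev, SIGTERM, arpd_term_cb, NULL); signal_add(&term_ev, NULL);`, whose callback calls `event_loopexit(NULL)`, would let the loop handle TERM itself. If the plain handler stays, `arpd_sig` should be declared `volatile sig_atomic_t`; its declaration, the rest of main and the signal() setup are outside the hunk.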
--- a/arpd/rc.arpd Thu Oct 04 20:26:02 2012 +0200 +++ b/arpd/rc.arpd Thu Oct 04 20:30:05 2012 +0200 @@ -43,6 +43,10 @@ rcService arpd enable yes || exit 0 rcService arpd active no && exit 0 arpd_signal TERM + rcService arpd active no && exit 0 + arpd_signal TERM + rcService arpd active no && exit 0 + rm -f $arpd_pidfile %restart -u @l_susr@ rcService arpd enable yes || exit 0 diff -r 119553d296d2 -r c10fb90893b9 honeyd/honeyd.conf --- a/honeyd/honeyd.conf Thu Oct 04 20:26:02 2012 +0200 +++ b/honeyd/honeyd.conf Thu Oct 04 20:30:05 2012 +0200 @@ -4,7 +4,7 @@ # Linux 2.4.x host definition create linuxhost -set linuxhost personality "Linux Kernel 2.4.0 - 2.4.18 (X86)" +set linuxhost personality "Linux kernel 2.4.18 - 2.4.20 (X86)" add linuxhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh" add linuxhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh" add linuxhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh" @@ -24,7 +24,7 @@ # AIX 4.X host definition create unixhost -set unixhost personality "AIX 4.0 - 4.2" +set unixhost personality "IBM AIX 4.0 - 4.2" add unixhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh" add unixhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh" add unixhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh" @@ -44,7 +44,7 @@ # Windows NT 4.0 host definition create winhost -set winhost personality "Windows NT 4.0 Server SP5-SP6" +set winhost personality "Microsoft Windows NT 4.0 Server SP5-SP6" add winhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh" add winhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh" add winhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh" diff -r 119553d296d2 -r c10fb90893b9 honeyd/honeyd.patch --- a/honeyd/honeyd.patch Thu Oct 04 20:26:02 2012 +0200 +++ b/honeyd/honeyd.patch Thu Oct 04 20:30:05 2012 +0200 
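Review bot: The added `rm -f $arpd_pidfile` is reached only when all three `rcService arpd active no` checks have failed, that is, when the service is still reported active after both TERM signals. If that report reflects a live process, deleting the pid file leaves arpd running while the rc framework loses track of it, and a later start could launch a second instance answering ARP for the same addresses. There is also no pause between each signal and the following check, so the second TERM is likely sent before the first has had any effect. Consider waiting briefly after each signal and removing the file only once the process is gone, e.g. `kill -0 "$(cat "$arpd_pidfile")" 2>/dev/null || rm -f "$arpd_pidfile"`. The enclosing rc section begins outside the hunk.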
@@ -190,3 +190,108 @@ SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list; pool_t pf_osfp_entry_pl; pool_t pf_osfp_pl; +Index: nmap.prints +--- nmap.prints.orig 2007-05-28 08:05:05.000000000 +0200 ++++ nmap.prints 2012-10-02 20:41:53.110772932 +0200 +@@ -662,18 +662,6 @@ + T7(DF=N%W=0%ACK=S%Flags=AR%Ops=) + PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E) + +-Fingerprint IBM OS/400 V4R2M0 +-Class IBM | OS/400 | V4 | general purpose +-TSeq(Class=TD|RI%gcd=<6%SI=<285DC&>206%IPID=I%TS=U) +-T1(DF=N%W=8000%ACK=S++%Flags=AS%Ops=M) +-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) +-T3(Resp=Y%DF=N%W=8000%ACK=S++%Flags=AS%Ops=M) +-T4(DF=N%W=0%ACK=S%Flags=R%Ops=) +-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=) +-T6(DF=N%W=0%ACK=S%Flags=R%Ops=) +-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) +-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) +- + Fingerprint IBM OS/400 V4R5M0 + Class IBM | OS/400 | V4 | general purpose + T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT) +@@ -11085,18 +11073,6 @@ + + Fingerprint Microsoft Windows NT 4.0 SP3 + Class Microsoft | Windows | NT/2K/XP | general purpose +-TSeq(Class=TD|RI%gcd=<18%SI=<2A00DA&>6B73) +-T1(DF=Y%W=7FFF|2017%ACK=S++%Flags=AS%Ops=M|MNWNNT) +-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=) +-T3(Resp=Y%DF=Y%W=7FFF|2017%ACK=S++|O%Flags=AS|A%Ops=M|NNT) +-T4(DF=N%W=0%ACK=O|S%Flags=R%Ops=) +-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=) +-T6(DF=N%W=0%ACK=O|S++%Flags=R%Ops=) +-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=) +-PU(TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E) +- +-Fingerprint Microsoft Windows NT 4.0 SP3 +-Class Microsoft | Windows | NT/2K/XP | general purpose + TSeq(Class=TD%gcd=if_ent.intf_len = sizeof(struct intf_entry); +- strlcpy(inter->if_ent.intf_name, dev, sizeof(inter->if_ent.intf_name)); ++ ++ /* mitigate slash paths in OS that provide */ ++ /* network devices in subdirectories of /dev */ ++ iface = strrchr(dev, '/'); ++ if (iface) ++ iface += sizeof(char); ++ else ++ iface = dev; ++ ++ 
strlcpy(inter->if_ent.intf_name, iface, sizeof(inter->if_ent.intf_name)); + + if (intf_get(intf, &inter->if_ent) < 0) + err(1, "%s: intf_get", __func__); + + if (inter->if_ent.intf_addr.addr_type != ADDR_TYPE_IP) + errx(1, "%s: bad interface configuration: %s is not IP", +- __func__, dev); ++ __func__, iface); + + return (inter); + } +@@ -244,7 +254,7 @@ + } + + void +-interface_ether_filter(struct interface *inter, ++interface_ether_filter(char *dev, struct interface *inter, + int naddresses, char **addresses) + { + char line[48]; +@@ -259,7 +269,7 @@ + sizeof(inter->if_filter)) + errx(1, "%s: pcap filter exceeds maximum length", __func__); + +- inter->if_eth = eth_open(inter->if_ent.intf_name); ++ inter->if_eth = eth_open(dev); + if (inter->if_eth == NULL) + errx(1, "%s: eth_open: %s", inter->if_ent.intf_name); + +@@ -307,7 +317,7 @@ + * ignore our own packets. + */ + if (inter->if_ent.intf_link_addr.addr_type == ADDR_TYPE_ETH) { +- interface_ether_filter(inter, naddresses, addresses); ++ interface_ether_filter(dev, inter, naddresses, addresses); + + /* + * We open all interfaces before parsing the