Thu, 04 Oct 2012 20:30:05 +0200
Correct out of date build configuration, porting to Solaris 11 network
link infrastructure and new libpcap logic. This additionally allows for
device drivers in subdirectories of /dev. Correct packaged nmap
personalities and signatures to work out of the box. Finally, hack
arpd logic to properly close sockets and quit on TERM by repeating
signaling in the run command script. Sadly, all this fails to correct
the run time behaviour of honeyd which fails to bind to the IP layer.
arpd/arpd.patch | file | annotate | diff | comparison | revisions | |
arpd/arpd.spec | file | annotate | diff | comparison | revisions | |
arpd/rc.arpd | file | annotate | diff | comparison | revisions | |
honeyd/honeyd.conf | file | annotate | diff | comparison | revisions | |
honeyd/honeyd.patch | file | annotate | diff | comparison | revisions |
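--- a/arpd/arpd.patch Thu Oct 04 20:26:02 2012 +0200
+++ b/arpd/arpd.patch Thu Oct 04 20:30:05 2012 +0200
@@ -1,5 +1,15 @@
+Index: arpd.c
 --- arpd.c.dist 2003-07-02 16:49:31.000000000 +0200
 +++ arpd.c 2003-07-02 16:53:25.000000000 +0200
+@@ -33,7 +33,7 @@
+ #define ARPD_MAX_ACTIVE 600
+ #define ARPD_MAX_INACTIVE 300
+
+-#define PIDFILE "/var/run/arpd.pid"
++#define PIDFILE "/opsw/var/arpd/arpd.pid"
+
+ struct arp_req {
+ struct addr pa;
 @@ -111,9 +111,11 @@
 struct in_addr in;
 ip_addr_t istart, iend;
@@ -14,7 +24,43 @@
 if (second == NULL)
 errx(1, "%s: Invalid network range: %s",
 __func__, p);
-@@ -267,7 +267,7 @@
+@@ -185,7 +187,7 @@
+ arpd_init(char *dev, int naddresses, char **addresses)
+ {
+ struct bpf_program fcode;
+- char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst;
++ char filter[1024], ebuf[PCAP_ERRBUF_SIZE], *dst, *iface;
+ intf_t *intf;
+
+ dst = arpd_expandips(naddresses, addresses);
+@@ -203,7 +205,16 @@
+ errx(1, "pcap_lookupdev: %s", ebuf);
+ }
+ arpd_ifent.intf_len = sizeof(arpd_ifent);
+- strncpy(arpd_ifent.intf_name, dev, sizeof(arpd_ifent.intf_name) - 1);
++
++ /* mitigate slash paths in OS that provide */
++ /* network devices in subdirectories of /dev */
++ iface = strrchr(dev, '/');
++ if (iface)
++ iface += sizeof(char);
++ else
++ iface = dev;
++
++ strncpy(arpd_ifent.intf_name, iface, sizeof(arpd_ifent.intf_name) - 1);
+ arpd_ifent.intf_name[sizeof(arpd_ifent.intf_name) - 1] = '\0';
+
+ if (intf_get(intf, &arpd_ifent) < 0)
+@@ -218,7 +229,7 @@
+ dst ? "and (" : "", dst ? dst : "", dst ? ")" : "",
+ addr_ntoa(&arpd_ifent.intf_link_addr));
+
+- if ((arpd_pcap = pcap_open_live(dev, 128, 0, 500, ebuf)) == NULL)
++ if ((arpd_pcap = pcap_open_live(iface, 128, 0, 500, ebuf)) == NULL)
+ errx(1, "pcap_open_live: %s", ebuf);
+
+ if (pcap_compile(arpd_pcap, &fcode, filter, 1, 0) < 0 ||
+@@ -265,7 +276,7 @@
 spa->addr_ip, tha->addr_eth, tpa->addr_ip);
 
 if (op == ARP_OP_REQUEST) {
@@ -23,7 +69,7 @@
 addr_ntoa(tpa), addr_ntoa(spa));
 } else if (op == ARP_OP_REPLY) {
 syslog(LOG_INFO, "arp reply %s is-at %s",
-@@ -284,7 +284,7 @@
+@@ -282,7 +293,7 @@
 int error;
 
 if (addr_cmp(addr, &arpd_ifent.intf_addr) == 0) {
@@ -32,7 +78,7 @@
 addr_ntoa(addr), addr_ntoa(&arpd_ifent.intf_link_addr));
 return (0);
 }
-@@ -293,10 +293,10 @@
+@@ -291,10 +302,10 @@
 error = arp_get(arpd_arp, &arpent);
 
 if (error == -1) {
@@ -45,7 +91,7 @@
 addr_ntoa(addr), addr_ntoa(&arpent.arp_ha));
 }
 return (error);
-@@ -425,7 +425,7 @@
+@@ -423,7 +434,7 @@
 if ((req = SPLAY_FIND(tree, &arpd_reqs, &tmp)) != NULL) {
 addr_pack(&src.arp_ha, ADDR_TYPE_ETH, ETH_ADDR_BITS,
 ethip->ar_sha, ETH_ADDR_LEN);
@@ -54,3 +100,29 @@
 addr_ntoa(&req->pa), addr_ntoa(&src.arp_ha));
 
 /* This address is claimed */
+@@ -445,9 +456,6 @@
+ void
+ terminate_handler(int sig)
+ {
+- extern int event_gotsig;
+-
+- event_gotsig = 1;
+ arpd_sig = sig;
+ }
+
+@@ -464,7 +472,6 @@
+ main(int argc, char *argv[])
+ {
+ struct event recv_ev;
+- extern int (*event_sigcb)(void);
+ char *dev;
+ int c, debug;
+ FILE *fp;
+@@ -524,7 +531,6 @@
+ perror("signal");
+ return (-1);
+ }
+- event_sigcb = arpd_signal;
+
+ event_dispatch();
+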
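Review bot: With `event_gotsig`/`event_sigcb` removed, `terminate_handler` in the last hunk only stores `arpd_sig` and returns, and as far as this hunk shows nothing then makes `event_dispatch()` return or runs the cleanup that `arpd_signal()` used to perform through `event_sigcb`, which is why the rc script in the same commit has to resend TERM. Instead of the raw `signal()` handler (the call whose `perror("signal")` check is visible at the end of the hunk, presumably for SIGTERM), register the signal with libevent and call the old cleanup from its callback as sketched below; `main()` and `arpd_signal()` itself are outside the hunk, so its `int (*)(void)` shape is taken from the removed `event_sigcb` assignment and should be confirmed. Separately, `pcap_open_live()` now gets the stripped basename `iface` while the honeyd half of this commit keeps the full `dev` path for its device open; whether libpcap on the target resolves a bare name under `/dev/net` is not shown here, so keep passing `dev` unless that is known to fail. A `dev` ending in `/` also leaves `intf_name` empty before `intf_get()`, and `iface += sizeof(char)` is just `iface++`.
```c
static struct event arpd_term_ev;

/*
 * libevent invokes this from the event loop rather than from signal
 * context, so the cleanup event_sigcb used to trigger can run directly.
 */
static void
arpd_terminate_cb(int sig, short what, void *arg)
{
	arpd_sig = sig;
	arpd_signal();
}

/* … unchanged: main() up to the former event_sigcb assignment … */
	signal_set(&arpd_term_ev, SIGTERM, arpd_terminate_cb, NULL);
	signal_add(&arpd_term_ev, NULL);

	event_dispatch();
```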
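--- a/arpd/arpd.spec Thu Oct 04 20:26:02 2012 +0200
+++ b/arpd/arpd.spec Thu Oct 04 20:30:05 2012 +0200
@@ -32,7 +32,7 @@
 Group: Mapping
 License: GNU
 Version: 0.2
-Release: 20080101
+Release: 20120800
 
 # package options
 %option with_fsl yes
@@ -44,16 +44,12 @@
 Patch0: arpd.patch
 
 # build information
-Prefix: %{l_prefix}
-BuildRoot: %{l_buildroot}
-BuildPreReq: OpenPKG, openpkg >= 20060823, libdnet, libpcap, libevent, gcc, make
-PreReq: OpenPKG, openpkg >= 20060823, libdnet, libpcap, libevent
+BuildPreReq: OpenPKG, openpkg >= 20100101, libdnet, libpcap, libevent, gcc, make
+PreReq: OpenPKG, openpkg >= 20100101, libdnet, libpcap, libevent
 %if "%{with_fsl}" == "yes"
 BuildPreReq: fsl
 PreReq: fsl
 %endif
-AutoReq: no
-AutoReqProv: no
 
 %description
 Arpd is an Address Resolution Protocol (ARP) daemon which replies to
@@ -98,8 +94,6 @@
 %{l_make} %{l_mflags}
 
 %install
- rm -rf $RPM_BUILD_ROOT
-
 # create directories
 %{l_shtool} mkdir -f -p -m 755 \
 $RPM_BUILD_ROOT%{l_prefix}/etc/rc.d \
@@ -125,7 +119,6 @@
 %files -f files
 
 %clean
- rm -rf $RPM_BUILD_ROOT
 
 %pre
 # before upgrade, save status and stop service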
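--- a/arpd/rc.arpd Thu Oct 04 20:26:02 2012 +0200
+++ b/arpd/rc.arpd Thu Oct 04 20:30:05 2012 +0200
@@ -43,6 +43,10 @@
 rcService arpd enable yes || exit 0
 rcService arpd active no && exit 0
 arpd_signal TERM
+ rcService arpd active no && exit 0
+ arpd_signal TERM
+ rcService arpd active no && exit 0
+ rm -f $arpd_pidfile
 
 %restart -u @l_susr@
 rcService arpd enable yes || exit 0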
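Review bot: The added lines delete `$arpd_pidfile` even when arpd is still active after the second TERM, so the daemon keeps running while `rcService arpd active` (which presumably consults that file) reports it stopped, and the next start brings up a second ARP responder on the same interface. Either escalate before discarding the pidfile, `arpd_signal KILL` followed by `rcService arpd active no && rm -f $arpd_pidfile`, or leave the file in place and report the failed stop. The repeated TERM is a workaround for the daemon-side signal handling changed in the same commit; once arpd exits on the first TERM these lines become dead code and should go. The %stop block this hunk edits begins above the hunk.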
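--- a/honeyd/honeyd.conf Thu Oct 04 20:26:02 2012 +0200
+++ b/honeyd/honeyd.conf Thu Oct 04 20:30:05 2012 +0200
@@ -4,7 +4,7 @@
 
 # Linux 2.4.x host definition
 create linuxhost
-set linuxhost personality "Linux Kernel 2.4.0 - 2.4.18 (X86)"
+set linuxhost personality "Linux kernel 2.4.18 - 2.4.20 (X86)"
 add linuxhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh"
 add linuxhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh"
 add linuxhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh"
@@ -24,7 +24,7 @@
 
 # AIX 4.X host definition
 create unixhost
-set unixhost personality "AIX 4.0 - 4.2"
+set unixhost personality "IBM AIX 4.0 - 4.2"
 add unixhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh"
 add unixhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh"
 add unixhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh"
@@ -44,7 +44,7 @@
 
 # Windows NT 4.0 host definition
 create winhost
-set winhost personality "Windows NT 4.0 Server SP5-SP6"
+set winhost personality "Microsoft Windows NT 4.0 Server SP5-SP6"
 add winhost tcp port 21 "@l_prefix@/libexec/honeyd/ftp.sh"
 add winhost tcp port 25 "@l_prefix@/libexec/honeyd/smtp.sh"
 add winhost tcp port 110 "@l_prefix@/libexec/honeyd/pop3.sh"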
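Review bot: The three renamed personality strings carry no hint of where they come from, so the next edit is likely to reintroduce the mismatch this commit fixes; a one-line comment above the first `set ... personality` line would prevent that: `# personality names must match a "Fingerprint" line in nmap.prints verbatim`. That the names are looked up verbatim against nmap.prints is inferred from the commit message and the nmap.prints edits in the same commit, not from this file, so confirm before wording it as a hard rule.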
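--- a/honeyd/honeyd.patch Thu Oct 04 20:26:02 2012 +0200
+++ b/honeyd/honeyd.patch Thu Oct 04 20:30:05 2012 +0200
@@ -190,3 +190,108 @@
 SLIST_HEAD(pf_osfp_list, pf_os_fingerprint) pf_osfp_list;
 pool_t pf_osfp_entry_pl;
 pool_t pf_osfp_pl;
+Index: nmap.prints
+--- nmap.prints.orig 2007-05-28 08:05:05.000000000 +0200
++++ nmap.prints 2012-10-02 20:41:53.110772932 +0200
+@@ -662,18 +662,6 @@
+ T7(DF=N%W=0%ACK=S%Flags=AR%Ops=)
+ PU(DF=N%TOS=0%IPLEN=38%RIPTL=15C%RID=E%RIPCK=0%UCK=0%ULEN=134%DAT=E)
+
+-Fingerprint IBM OS/400 V4R2M0
+-Class IBM | OS/400 | V4 | general purpose
+-TSeq(Class=TD|RI%gcd=<6%SI=<285DC&>206%IPID=I%TS=U)
+-T1(DF=N%W=8000%ACK=S++%Flags=AS%Ops=M)
+-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+-T3(Resp=Y%DF=N%W=8000%ACK=S++%Flags=AS%Ops=M)
+-T4(DF=N%W=0%ACK=S%Flags=R%Ops=)
+-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+-T6(DF=N%W=0%ACK=S%Flags=R%Ops=)
+-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+-PU(DF=N%TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+-
+ Fingerprint IBM OS/400 V4R5M0
+ Class IBM | OS/400 | V4 | general purpose
+ T1(DF=N%W=2000%ACK=S++%Flags=AS%Ops=MNWNNT)
+@@ -11085,18 +11073,6 @@
+
+ Fingerprint Microsoft Windows NT 4.0 SP3
+ Class Microsoft | Windows | NT/2K/XP | general purpose
+-TSeq(Class=TD|RI%gcd=<18%SI=<2A00DA&>6B73)
+-T1(DF=Y%W=7FFF|2017%ACK=S++%Flags=AS%Ops=M|MNWNNT)
+-T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+-T3(Resp=Y%DF=Y%W=7FFF|2017%ACK=S++|O%Flags=AS|A%Ops=M|NNT)
+-T4(DF=N%W=0%ACK=O|S%Flags=R%Ops=)
+-T5(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+-T6(DF=N%W=0%ACK=O|S++%Flags=R%Ops=)
+-T7(DF=N%W=0%ACK=S++%Flags=AR%Ops=)
+-PU(TOS=0%IPLEN=38%RIPTL=148%RID=E%RIPCK=E%UCK=E%ULEN=134%DAT=E)
+-
+-Fingerprint Microsoft Windows NT 4.0 SP3
+-Class Microsoft | Windows | NT/2K/XP | general purpose
+ TSeq(Class=TD%gcd=<F4%SI=<3C%IPID=BI%TS=U)
+ T1(DF=Y%W=2017%ACK=S++%Flags=AS%Ops=M)
+ T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
+Index: interface.c
+--- interface.c.orig 2007-05-28 08:12:52.000000000 +0200
++++ interface.c 2012-10-02 21:16:53.229492754 +0200
+@@ -114,6 +114,7 @@
+ {
+ char ebuf[PCAP_ERRBUF_SIZE];
+ struct interface *inter;
++ char *iface = 0;
+
+ if ((inter = calloc(1, sizeof(struct interface))) == NULL)
+ err(1, "%s: calloc", __func__);
+@@ -126,14 +127,23 @@
+ TAILQ_INSERT_TAIL(&interfaces, inter, next);
+
+ inter->if_ent.intf_len = sizeof(struct intf_entry);
+- strlcpy(inter->if_ent.intf_name, dev, sizeof(inter->if_ent.intf_name));
++
++ /* mitigate slash paths in OS that provide */
++ /* network devices in subdirectories of /dev */
++ iface = strrchr(dev, '/');
++ if (iface)
++ iface += sizeof(char);
++ else
++ iface = dev;
++
++ strlcpy(inter->if_ent.intf_name, iface, sizeof(inter->if_ent.intf_name));
+
+ if (intf_get(intf, &inter->if_ent) < 0)
+ err(1, "%s: intf_get", __func__);
+
+ if (inter->if_ent.intf_addr.addr_type != ADDR_TYPE_IP)
+ errx(1, "%s: bad interface configuration: %s is not IP",
+- __func__, dev);
++ __func__, iface);
+
+ return (inter);
+ }
+@@ -244,7 +254,7 @@
+ }
+
+ void
+-interface_ether_filter(struct interface *inter,
++interface_ether_filter(char *dev, struct interface *inter,
+ int naddresses, char **addresses)
+ {
+ char line[48];
+@@ -259,7 +269,7 @@
+ sizeof(inter->if_filter))
+ errx(1, "%s: pcap filter exceeds maximum length", __func__);
+
+- inter->if_eth = eth_open(inter->if_ent.intf_name);
++ inter->if_eth = eth_open(dev);
+ if (inter->if_eth == NULL)
+ errx(1, "%s: eth_open: %s", inter->if_ent.intf_name);
+
+@@ -307,7 +317,7 @@
+ * ignore our own packets.
+ */
+ if (inter->if_ent.intf_link_addr.addr_type == ADDR_TYPE_ETH) {
+- interface_ether_filter(inter, naddresses, addresses);
++ interface_ether_filter(dev, inter, naddresses, addresses);
+
+ /*
+ * We open all interfaces before parsing the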
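Review bot: The error path directly under the changed `eth_open(dev)` call, `errx(1, "%s: eth_open: %s", inter->if_ent.intf_name);`, supplies one argument for two `%s` conversions, so a failed open reads a missing vararg (undefined behaviour) on its way to exit; since this hunk also changes what is opened, the line should pass both and name the path actually tried: `errx(1, "%s: eth_open: %s", __func__, dev);`. The new signature `interface_ether_filter(char *dev, ...)` has its one visible call site updated in the last hunk, but any prototype in interface.h is not in this diff and needs the same change or the build fails on conflicting types. As in the arpd half of this commit, `char *iface = 0;` should be `NULL`, `iface += sizeof(char)` is `iface++`, and a `dev` ending in `/` leaves `intf_name` empty before `intf_get()` runs, which then fails with a message that does not say why.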