Remove setuid root as this program can be used to do passive information

gathering of security sensitive data of mere users otherwise. Add support for some other datalink types, like the lo, ppp, slip & enc interfaces.
1998-11-29 20:27:11 +00:00 · 1998-11-29 20:27:11 +00:00 · 5c862f514a
commit 5c862f514a
parent 4899f9062c
5 changed files with 155 additions and 9 deletions
--- a/net/ntop/Makefile
+++ b/net/ntop/Makefile
@ -1,9 +1,9 @@
 # Ports makefile for:	ntop
-# Version required:	0.2.2
+# Version required:	0.4
 # Date created:		17 August 1998
 # Whom:			Oleg Safiullin <form@OpenBSD.ORG>
 #
-# $OpenBSD: Makefile,v 1.2 1998/10/20 08:39:47 form Exp $
+# $OpenBSD: Makefile,v 1.3 1998/11/29 20:27:11 niklas Exp $
 # FreeBSD: Makefile,v 1.2 1998/08/11 09:57:51 andreas Exp
 #

--- a/net/ntop/patches/patch-ab
+++ b/net/ntop/patches/patch-ab
@ -1,5 +1,5 @@
--- interface.h.old    Mon Aug 10 21:18:53 1998
-+++ interface.h        Mon Aug 10 21:19:12 1998
+--- interface.h.orig	Fri Jul 31 11:22:13 1998
+++ interface.h	Sun Nov 29 11:27:41 1998
@@ -25,8 +25,9 @@
  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  */
@ -11,3 +11,17 @@
 #ifdef HAVE_OS_PROTO_H
 #include "os-proto.h"
 #endif
+@@ -37,11 +38,13 @@
+ /* Globals */
+ extern char *program_name;
+ extern char version[], osName[], author[];
+extern int datalink;
+ 
+ /* Packet buffer routines */
+ extern void pbuf_init(int, int);
+ extern void pbuf_process(u_char *, const struct pcap_pkthdr *, const u_char *);
+ extern u_int pbuf_dump(pcap_dumper_t *);
+extern u_int link_header_len(int, const struct pcap_pkthdr *, const u_char *);
+ 
+ /* Utility routines */
+ #ifdef NOVFPRINTF
--- a/net/ntop/patches/patch-ad
+++ b/net/ntop/patches/patch-ad
@ -1,5 +1,5 @@
--- Makefile.in.old    Mon Aug 10 21:23:13 1998
-+++ Makefile.in        Mon Aug 10 21:23:39 1998
+--- Makefile.in.orig	Mon Aug  3 12:43:38 1998
+++ Makefile.in	Sun Nov 29 16:14:26 1998
@@ -38,17 +38,17 @@
 CC = @CC@
 PROG = ntop
@ -21,3 +21,17 @@
 
 INSTALL = @INSTALL@
 
+@@ -90,11 +90,10 @@
+ 	rm -f OS.NAME
+ 
+ install: force
+-	$(INSTALL) -m 6111 -o root -g sys $(PROG) $(DESTDIR)$(BINDEST)/$(PROG)
+-	chmod gou+s $(DESTDIR)$(BINDEST)/$(PROG)
+	$(INSTALL) -m 555 -o root -g bin $(PROG) $(DESTDIR)$(BINDEST)/$(PROG)
+ 
+ install-man: force
+-	$(INSTALL) -m 444 -o bin -g bin $(PROG).8 \
+	$(INSTALL) -m 444 -o root -g bin $(PROG).8 \
+ 	    $(DESTDIR)$(MANDEST)/man8/$(PROG).8
+ 
+ lint:	$(GENSRC) force
--- a/net/ntop/patches/patch-ae
+++ b/net/ntop/patches/patch-ae
@ -1,6 +1,31 @@
--- ntop.c.orig	Mon Aug 10 22:44:18 1998
-+++ ntop.c	Mon Aug 10 22:45:29 1998
-@@ -298,11 +298,11 @@
+--- ntop.c.orig	Mon Aug  3 12:12:43 1998
+++ ntop.c	Sun Nov 29 15:31:33 1998
+@@ -40,6 +40,7 @@
+ 
+ /* Globals */
+ char *program_name, *device;
+int datalink;
+ 
+ /* Locals */
+ static pcap_t *p;
+@@ -134,10 +135,15 @@
+ 
+   /* Fire up libpcap */
+   p = pcap_open_live(device, DEFAULT_SNAPLEN, !pflag, 1000, ebuf);
+-
+   if (p == NULL)
+     error(ebuf);
+ 
+  /* Find out what datalink type the interface is */
+  datalink = pcap_datalink(p);
+  if (link_header_len(datalink, 0, 0) == -1)
+    error("unsupported link type");
+
+
+   if (pcap_lookupnet(device, &localnet, &netmask, ebuf) < 0)
+     error(ebuf);
+ 
+@@ -298,11 +304,11 @@
 usage()
 {
   extern char version[];
--- a/net/ntop/patches/patch-af
+++ b/net/ntop/patches/patch-af
@ -0,0 +1,93 @@
+--- pbuf.c.orig	Mon Aug  3 14:50:07 1998
+++ pbuf.c	Sun Nov 29 15:49:43 1998
+@@ -32,7 +32,10 @@
+ extern int newSock;
+ extern void sendString(char *x);
+ 
+-
+#define ENC_HDRLEN 12
+#define NULL_HDRLEN 4
+#define PPP_HDRLEN 4
+#define SLIP_HDRLEN 16
+ 
+ #ifdef ETHER_HEADER_HAS_EA
+ #define ESRC(ep) ((ep)->ether_shost.ether_addr_octet)
+@@ -127,7 +130,7 @@
+ char* savestr(const char *str);
+ RETSIGTYPE printHostsTraffic(int signumber_ignored);
+ char* intoa(struct in_addr addr);
+-
+u_int inet_p(int link, const u_char *p);
+ 
+ /* ************************************ */
+ 
+@@ -1080,15 +1083,13 @@
+  */
+ void pbuf_process(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
+ {
+-  struct ether_header *ep;
+-  unsigned long hlen = sizeof(struct ether_header);
+  u_int hlen = link_header_len (datalink, h, p);
+ 
+   u_int caplen = h->caplen;
+   u_int length = h->len;
+ 
+-  if (caplen >= hlen) {
+-    ep = (struct ether_header *)p;
+-    if(ntohs(ep->ether_type) == ETHERTYPE_IP) {
+  if (hlen >= 0 && caplen >= hlen) {
+    if (inet_p (datalink, p)) {
+       ip_print(p+hlen, length);
+     } else {
+       length -= hlen;
+@@ -1103,3 +1104,50 @@
+     printHostsTraffic(0);    
+ }
+ 
+/*
+ * This is where we compute the datalink header length given the datalink
+ * type, a pcap packetheader and a packet buffer.  If the pcap packetheader
+ * and the packet pointers are NULL, we are only validating that the datalink
+ * type is supported.  In that case the header length returned need not be
+ * computed, just something different from -1 needs to be returned.
+ */
+u_int link_header_len(int link, const struct pcap_pkthdr *h, const u_char *p)
+{
+  switch (link) {
+  case DLT_EN10MB:
+  case DLT_IEEE802:
+    return(sizeof(struct ether_header));
+  case DLT_ENC:
+    return(ENC_HDRLEN);
+  case DLT_LOOP:
+  case DLT_NULL:
+    return(NULL_HDRLEN);
+  case DLT_SLIP:
+    return(SLIP_HDRLEN);
+  }
+  return(-1);
+}
+
+/* Predicate for testing if this packet contains an IP ditto.  */
+u_int inet_p(int link, const u_char *p)
+{
+  struct ether_header *ep;
+  u_int family;
+
+  switch (link) {
+  case DLT_EN10MB:
+  case DLT_IEEE802:
+    ep = (struct ether_header *)p;
+    return(ntohs(ep->ether_type) == ETHERTYPE_IP);
+  case DLT_ENC:
+  case DLT_PPP:
+  case DLT_SLIP:
+    return(1);
+  case DLT_LOOP:
+  case DLT_NULL:
+    (void)memcpy(&family, p, sizeof family);
+    return(ntohl(family) == AF_INET);
+  }
+  /* We never get here.  */
+  return(0);
+}