diff --git a/net/tcpflow/Makefile b/net/tcpflow/Makefile
new file mode 100644
index 00000000000..41b5a06aecb
--- /dev/null
+++ b/net/tcpflow/Makefile
@@ -0,0 +1,11 @@
+# $OpenBSD: Makefile,v 1.1.1.1 1999/11/12 14:22:25 brad Exp $
+
+DISTNAME= tcpflow-0.12
+CATEGORIES= net
+MASTER_SITES= ftp://ftp.circlemud.org/pub/jelson/tcpflow/
+
+MAINTAINER= jethro@dqc.org
+
+GNU_CONFIGURE= yes
+
+.include
diff --git a/net/tcpflow/files/md5 b/net/tcpflow/files/md5
new file mode 100644
index 00000000000..28e4638c7c3
--- /dev/null
+++ b/net/tcpflow/files/md5
@@ -0,0 +1,3 @@
+MD5 (tcpflow-0.12.tar.gz) = 39e4d753cb2b04962e03a6b7ce7ef729
+RMD160 (tcpflow-0.12.tar.gz) = d63af46bf17ccc28e98ffecdab3a403ddf7c342e
+SHA1 (tcpflow-0.12.tar.gz) = 3fe305baaf314c93c66d8d8670235c29025c297e
diff --git a/net/tcpflow/patches/patch-aa b/net/tcpflow/patches/patch-aa
new file mode 100644
index 00000000000..e1eb2ea0e31
--- /dev/null
+++ b/net/tcpflow/patches/patch-aa
@@ -0,0 +1,101 @@
+--- main.c.orig Tue Apr 20 21:40:14 1999
++++ main.c Sun Oct 10 21:31:33 1999
+@@ -63,7 +63,7 @@
+ fprintf(stderr, "%s version %s by Jeremy Elson \n\n",
+ PACKAGE, VERSION);
+ fprintf(stderr, "usage: %s [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
+- fprintf(stderr, " [-i iface] [expression]\n\n");
++ fprintf(stderr, " [-i iface] [-r file] [expression]\n\n");
+ fprintf(stderr, " -b: max number of bytes per flow to save\n");
+ fprintf(stderr, " -c: console print only (don't create files)\n");
+ fprintf(stderr, " -d: debug level; default is %d\n", DEFAULT_DEBUG_LEVEL);
+@@ -72,6 +72,7 @@
+ fprintf(stderr, " -i: network interface on which to listen\n");
+ fprintf(stderr, " (type \"ifconfig -a\" for a list of interfaces)\n");
+ fprintf(stderr, " -p: don't use promiscuous mode\n");
++ fprintf(stderr, " -r: read packets from file\n");
+ fprintf(stderr, " -s: strip non-printable characters (change to '.')\n");
+ fprintf(stderr, " -v: verbose operation equivalent to -d 10\n");
+ fprintf(stderr, "expression: tcpdump-like filtering expression\n");
+@@ -89,6 +90,7 @@
+ int need_usage = 0;
+
+ char *device = NULL;
++ char *infile = NULL;
+ char *expression = NULL;
+ pcap_t *pd;
+ struct bpf_program fcode;
+@@ -98,7 +100,7 @@
+
+ opterr = 0;
+
+- while ((arg = getopt(argc, argv, "b:cd:f:hi:psv")) != EOF) {
++ while ((arg = getopt(argc, argv, "b:cd:f:hi:pr:sv")) != EOF) {
+ switch (arg) {
+ case 'b':
+ if ((bytes_per_flow = atoi(optarg)) < 0) {
+@@ -140,6 +142,9 @@
+ no_promisc = 1;
+ DEBUG(10) ("NOT turning on promiscuous mode");
+ break;
++ case 'r':
++ infile = optarg;
++ break;
+ case 'v':
+ debug_level = 10;
+ break;
+@@ -160,23 +165,32 @@
+ DEBUG(10) ("%s version %s by Jeremy Elson ",
+ PACKAGE, VERSION);
+
+- /* if the user didn't specify a device, try to find a reasonable one */
+- if (device == NULL)
+- if ((device = pcap_lookupdev(error)) == NULL)
++ if (infile != NULL) {
++ /* Since we don't need network access, drop root privileges */
++ setuid(getuid());
++
++ /* open the capture file */
++ if ((pd = pcap_open_offline(infile, error)) == NULL)
+ die(error);
+
+- /* make sure we can open the device */
+- if ((pd = pcap_open_live(device, SNAPLEN, !no_promisc, 1000, error)) == NULL)
+- die(error);
++ /* get the handler for this kind of packets */
++ handler = find_handler(pcap_datalink(pd), infile);
++ } else {
++ /* if the user didn't specify a device, try to find a reasonable one */
++ if (device == NULL)
++ if ((device = pcap_lookupdev(error)) == NULL)
++ die(error);
+
+- /* drop root privileges - we don't need them any more */
+- setuid(getuid());
++ /* make sure we can open the device */
++ if ((pd = pcap_open_live(device, SNAPLEN, !no_promisc, 1000, error)) == NULL)
++ die(error);
+
+- /* remember what datalink type the selected network interface is */
+- dlt = pcap_datalink(pd);
++ /* drop root privileges - we don't need them any more */
++ setuid(getuid());
+
+- /* get the handler for this network interface */
+- handler = find_handler(dlt, device);
++ /* get the handler for this kind of packets */
++ handler = find_handler(pcap_datalink(pd), device);
++ }
+
+ /* get the user's expression out of argv */
+ expression = copy_argv(&argv[optind]);
+@@ -223,7 +237,8 @@
+ init_flow_state();
+
+ /* start listening! */
+- DEBUG(1) ("listening on %s", device);
++ if (infile == NULL)
++ DEBUG(1) ("listening on %s", device);
+ if (pcap_loop(pd, -1, handler, NULL) < 0)
+ die(pcap_geterr(pd));
+
diff --git a/net/tcpflow/patches/patch-ab b/net/tcpflow/patches/patch-ab
new file mode 100644
index 00000000000..4b50fec7c59
--- /dev/null
+++ b/net/tcpflow/patches/patch-ab
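Review bot: Both `setuid(getuid());` calls in the rewritten open logic ignore the return value: the one in the new `-r` branch, just before `pcap_open_offline(infile, error)`, and the one in the live branch after `pcap_open_live`. If the drop ever failed, the process would carry on with its starting privileges while opening a user-named capture file and processing its contents. Making the failure fatal closes that gap, e.g. `if (setuid(getuid()) != 0) die("cannot drop privileges");`; `die`'s signature is not visible in this patch, so the call may need adjusting. If the binary can be installed setgid (not shown here), a `setgid(getgid())` before the `setuid` would be needed as well. The enclosing `main` begins and ends outside these hunks.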
@@ -0,0 +1,53 @@
+--- tcpflow.1.in.orig Wed Apr 21 04:57:20 1999
++++ tcpflow.1.in Sun Oct 10 21:31:33 1999
+@@ -21,6 +21,9 @@
+ .BI \-i \ iface\fR\c
+ ]
+ [\c
++.BI \-r \ file\fR\c
++]
++[\c
+ .BI expression\fR\c
+ ]
+ .SH DESCRIPTION
+@@ -29,7 +32,7 @@
+ is a program that captures data transmitted as part of TCP connections
+ (flows), and stores it in a way that is convenient for protocol
+ analysis or debugging. A program like
+-.IR tcpdump (4)
++.IR tcpdump (1)
+ only shows a summary of packets seen on the wire, but usually doesn't
+ store the data that's actually being transmitted. In contrast,
+ tcpflow reconstructs the actual data streams and stores each flow in a
+@@ -93,6 +96,13 @@
+ .B \-i
+ , a reasonable default will be used by libpcap automatically.
+ .TP
++.B \-r
++Read packets from \fIfile\fP, which was created using the
++.B \-w
++option of
++.IR tcpdump (1).
++Standard input is used if \fIfile\fP is ``-''.
++.TP
+ .B \-p
+ No promiscuous mode. Normally, tcpflow attempts to put the network
+ interface into promiscuous mode before capturing packets. The
+@@ -118,7 +128,7 @@
+ specified on the command-line specifies which packets should be
+ captured. Because tcpflow uses the the libpcap library, tcpflow has
+ the same powerful filtering language available as programs such as
+-.IR tcpdump (4).
++.IR tcpdump (1).
+ .LP
+ .B The following part of the man page is excerpted from the tcpdump man page.
+ .LP
+@@ -259,7 +269,7 @@
+ .IP "\fBdst net \fInet\fR"
+ True if the IP destination address of the packet has a network
+ number of \fInet\fP. \fINet\fP may be either a name from /etc/networks
+-or a network number (see \fInetworks(4)\fP for details).
++or a network number (see \fInetworks(5)\fP for details).
+ .IP "\fBsrc net \fInet\fR"
+ True if the IP source address of the packet has a network
+ number of \fInet\fP.
diff --git a/net/tcpflow/pkg/COMMENT b/net/tcpflow/pkg/COMMENT
new file mode 100644
index 00000000000..54072671cfb
--- /dev/null
+++ b/net/tcpflow/pkg/COMMENT
@@ -0,0 +1 @@
+tool for capturing data from TCP connections
diff --git a/net/tcpflow/pkg/DESCR b/net/tcpflow/pkg/DESCR
new file mode 100644
index 00000000000..5ae911027cd
--- /dev/null
+++ b/net/tcpflow/pkg/DESCR
@@ -0,0 +1,16 @@
+tcpflow is a program that captures data transmitted as part of TCP
+connections (flows), and stores it in a way that is convenient for
+protocol analysis or debugging. A program like 'tcpdump' only shows a
+summary of packets seen on the wire, but usually doesn't store the
+data that's actually being transmitted. In contrast, tcpflow
+reconstructs the actual data streams and stores each flow in a
+separate file for later analysis.
+
+tcpflow understands sequence numbers and will correctly reconstruct
+data streams regardless of retransmissions or out-of-order delivery.
+However, it currently does not understand IP fragments; flows
+containing IP fragments will not be recorded properly.
+
+Note: this port includes a small patch that adds the capability of
+ reading the packets from a tcpdump(1) capture file, using
+ a new option (-r).
diff --git a/net/tcpflow/pkg/PLIST b/net/tcpflow/pkg/PLIST
new file mode 100644
index 00000000000..c03576b7aaf
--- /dev/null
+++ b/net/tcpflow/pkg/PLIST
@@ -0,0 +1,2 @@
+bin/tcpflow
+man/man1/tcpflow.1