Update to hping3

- drop privs to a dedicated user
- in case of error, print a message regarding pf blocking pf blocking
  outgoing packets
- do not activate Tcl support (for now?)

Input and ok sthen@

net/hping/Makefile

@@ -1,10 +1,13 @@
-# $OpenBSD: Makefile,v 1.31 2016/11/11 21:07:29 jca Exp $
+# $OpenBSD: Makefile,v 1.32 2016/12/05 13:57:20 jca Exp $
 
-COMMENT=	TCP/UDP ping/traceroute tool
+COMMENT=	command-line oriented TCP/IP packet assembler/analyzer
+
+GH_ACCOUNT=	antirez
+GH_PROJECT=	hping
+GH_COMMIT=	3547c7691742c6eaa31f8402e0ccbb81387c1b99
+DISTNAME=	hping-3.0.0-alpha-1
+PKGNAME=	hping-3.0.0pre1
 
-DISTNAME=	hping2.0.0-rc3
-PKGNAME=	hping-2.0.0rc3
-REVISION=	4
 CATEGORIES=	net
 
 HOMEPAGE=	http://www.hping.org/
@@ -14,23 +17,19 @@ PERMIT_PACKAGE_CDROM=	Yes
 
 WANTLIB=		c pcap
 
-MASTER_SITES=	${HOMEPAGE}
-
-WRKDIST=	${WRKDIR}/${DISTNAME:S/.0.0//}
+CONFIGURE_STYLE=simple
+CONFIGURE_ARGS=	--no-tcl
 
 MAKE_FLAGS=	CC="${CC}" \
-		CCOPT="${CFLAGS}"
+		CFLAGS="${CFLAGS}"
 
-CONFIGURE_STYLE=simple
-
-USE_GROFF =	Yes
 NO_TEST=	Yes
 
-pre-install:
-	sed -i "s,hping2,hping," ${WRKSRC}/docs/hping2.8
+post-extract:
+	sed -i 's/hping2/hping/g; s/HPING2/HPING/g' ${WRKSRC}/docs/hping3.8
 
 do-install:
-	${INSTALL_PROGRAM} ${WRKSRC}/hping2 ${PREFIX}/sbin/hping
-	${INSTALL_MAN} ${WRKSRC}/docs/hping2.8 ${PREFIX}/man/man8/hping.8
+	${INSTALL_PROGRAM} ${WRKBUILD}/hping3 ${PREFIX}/sbin/hping
+	${INSTALL_MAN} ${WRKSRC}/docs/hping3.8 ${PREFIX}/man/man8/hping.8
 
 .include <bsd.port.mk>

net/hping/distinfo

@@ -1,2 +1,2 @@
-SHA256 (hping2.0.0-rc3.tar.gz) = 9ZKS3jm5pAEEFL0SCklCJjmXZxSO+jcni9U9lhMWeWQ=
-SIZE (hping2.0.0-rc3.tar.gz) = 124573
+SHA256 (hping-3.0.0-alpha-1.tar.gz) = 9PrQGX9JP6eFRgRdvG2kBAwsgPxOM7jTIK9rFdqxlRk=
+SIZE (hping-3.0.0-alpha-1.tar.gz) = 572322

net/hping/patches/patch-Makefile_in

@@ -1,21 +1,14 @@
-$OpenBSD: patch-Makefile_in,v 1.1 2005/04/24 22:59:08 alek Exp $
---- Makefile.in.orig	Mon May  3 11:29:39 2004
-+++ Makefile.in	Mon Apr 25 00:06:21 2005
-@@ -10,7 +10,7 @@ CC= gcc
+$OpenBSD: patch-Makefile_in,v 1.2 2016/12/05 13:57:20 jca Exp $
+--- Makefile.in.orig	Thu Nov 10 14:16:59 2016
++++ Makefile.in	Thu Nov 10 14:17:30 2016
+@@ -9,8 +9,8 @@
+ CC= gcc
  AR=/usr/bin/ar
  RANLIB=/usr/bin/ranlib
- CCOPT= -O2 -Wall @PCAP_INCLUDE@
+-CCOPT= -O2 -Wall @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@
 -DEBUG= -g
++CCOPT= -Wall ${CFLAGS} @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@
 +DEBUG=
  #uncomment the following if you need libpcap based build under linux
  #(not raccomanded)
- COMPILE_TIME= @FORCE_LIBPCAP@
-@@ -39,7 +39,7 @@ ARSOBJ = ars.o apd.o split.o
- all: hping2
- 
- libars.a: $(ARSOBJ)
--	$(AR) rc $@ $^
-+	$(AR) rc $@ $(ARSOBJ)
- 	$(RANLIB) $@
- 
- hping2: byteorder.h $(OBJ)
+ COMPILE_TIME=

net/hping/patches/patch-bytesex_h

@@ -1,30 +0,0 @@
-$OpenBSD: patch-bytesex_h,v 1.3 2015/05/01 17:40:58 ajacoutot Exp $
---- bytesex.h.orig	Sat Jun 18 08:40:22 2005
-+++ bytesex.h	Sat Jun 18 08:42:22 2005
-@@ -4,20 +4,17 @@
- 
- /* $Id: patch-bytesex_h,v 1.3 2015/05/01 17:40:58 ajacoutot Exp $ */
- 
-+#include <endian.h>
-+
- #ifndef ARS_BYTESEX_H
- #define ARS_BYTESEX_H
- 
--#if 	defined(__i386__) \
--	|| defined(__alpha__) \
--	|| (defined(__mips__) && (defined(MIPSEL) || defined (__MIPSEL__)))
-+#if 	BYTE_ORDER == LITTLE_ENDIAN
- #define BYTE_ORDER_LITTLE_ENDIAN
--#elif 	defined(__mc68000__) \
--	|| defined (__sparc__) \
--	|| defined (__sparc) \
--	|| defined (__PPC__) \
--	|| defined (__BIG_ENDIAN__) \
--	|| (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__)))
-+
-+#elif 	BYTE_ORDER == BIG_ENDIAN
- #define BYTE_ORDER_BIG_ENDIAN
-+
- #else
- # error can not find the byte order for this architecture, fix bytesex.h
- #endif

net/hping/patches/patch-getlhs_c

@@ -1,11 +1,14 @@
-$OpenBSD: patch-getlhs_c,v 1.1 2013/04/02 15:15:53 sthen Exp $
---- getlhs.c.orig	Tue Apr  2 16:09:52 2013
-+++ getlhs.c	Tue Apr  2 16:10:57 2013
-@@ -62,6 +62,7 @@ int get_linkhdr_size(char *ifname)
+$OpenBSD: patch-getlhs_c,v 1.2 2016/12/05 13:57:20 jca Exp $
+
+- handle pppoe interfaces
+
+--- getlhs.c.orig	Fri Dec 26 15:31:29 2014
++++ getlhs.c	Sun Dec  4 20:53:14 2016
+@@ -62,6 +62,7 @@ int dltype_to_lhs(int dltype)
  #ifdef DLT_ATM_CLIP
  	case DLT_ATM_CLIP:
  #endif
 +	case DLT_PPP_ETHER:
- 		linkhdr_size = 8;
+ 		lhs = 8;
  		break;
  #ifdef DLT_C_HDLC

net/hping/patches/patch-main_c

@@ -1,7 +1,41 @@
-$OpenBSD: patch-main_c,v 1.1 2005/04/24 22:59:08 alek Exp $
---- main.c.orig	Sun Apr 24 20:31:59 2005
-+++ main.c	Sun Apr 24 20:49:52 2005
-@@ -315,24 +315,24 @@ int main(int argc, char **argv)
+$OpenBSD: patch-main_c,v 1.2 2016/12/05 13:57:20 jca Exp $
+
+- drop privileges to a dedicated user
+
+--- main.c.orig	Fri Dec 26 15:31:29 2014
++++ main.c	Sun Dec  4 20:59:40 2016
+@@ -27,6 +27,8 @@
+ #include <sys/time.h>
+ #include <sys/types.h>
+ #include <pcap.h>
++#include <pwd.h>
++#include <errno.h>
+ 
+ #include "hping2.h"
+ 
+@@ -254,6 +256,21 @@ int main(int argc, char **argv)
+ 		exit(1);
+ 	}
+ 
++	if (!getuid()) {
++		struct passwd *pw;
++		pw = getpwnam("_hping");
++		if (pw == NULL) {
++			printf("[main] can't drop privs: no such user\n");
++			exit(1);
++		}
++		if (setgroups(1, &pw->pw_gid) == -1 ||
++		    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||
++		    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) {
++			printf("[main] can't drop privs: %s\n", strerror(errno));
++			exit(1);
++		}
++	}
++
+ 	/* get physical layer header size */
+ 	if ( get_linkhdr_size(ifname) == -1 ) {
+ 		printf("[main] physical layer header size unknown\n");
+@@ -324,24 +341,24 @@ int main(int argc, char **argv)
  	}
  
  	if (opt_rawipmode) {

net/hping/patches/patch-sendip_c

@@ -0,0 +1,15 @@
+$OpenBSD: patch-sendip_c,v 1.1 2016/12/05 13:57:20 jca Exp $
+--- sendip.c.orig	Fri Dec 26 15:31:29 2014
++++ sendip.c	Tue Nov 22 03:17:46 2016
+@@ -111,7 +111,11 @@ void send_ip (char* src, char *dst, char *data, unsign
+ 		(struct sockaddr*)&remote, sizeof(remote));
+ 	
+ 	if (result == -1 && errno != EINTR && !opt_rand_dest && !opt_rand_source) {
++		int save_errno = errno;
+ 		perror("[send_ip] sendto");
++		if (save_errno == EHOSTUNREACH)
++			printf("[send_ip] "
++			    "Note that PF might be blocking your packets.\n");
+ 		if (close(sockraw) == -1)
+ 			perror("[ipsender] close(sockraw)");
+ 		if (close_pcap() == -1)

net/hping/patches/patch-waitpacket_c

@@ -1,7 +1,7 @@
-$OpenBSD: patch-waitpacket_c,v 1.2 2005/04/24 22:59:08 alek Exp $
---- waitpacket.c.orig	Fri Dec 13 16:01:57 2002
-+++ waitpacket.c	Sun Apr 24 21:00:52 2005
-@@ -361,15 +361,15 @@ int recv_tcp(void *packet, size_t size)
+$OpenBSD: patch-waitpacket_c,v 1.3 2016/12/05 13:57:20 jca Exp $
+--- waitpacket.c.orig	Fri Dec 26 15:31:29 2014
++++ waitpacket.c	Sun Dec  4 20:55:11 2016
+@@ -375,15 +375,15 @@ int recv_tcp(void *packet, size_t size)
  			goto out;
  
  		flags[0] = '\0';

net/hping/pkg/DESCR

@@ -2,17 +2,17 @@ hping is a command-line oriented TCP/IP packet assembler/analyzer. The
 interface is inspired by the ping(8) unix command, but hping isn't just
 for sending ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP
 protocols, has a traceroute mode, the ability to send files in a covert
-channel, and many other features. While hping was mainly used as a 
+channel, and many other features. While hping was mainly used as a
 security tool in the past, it can be used in many ways by people that
 don't care about security to test networks and hosts. A subset of the
-stuff you can do using hping: 
+stuff you can do using hping:
 
 - Firewall testing Advanced port scanning
-- Network testing, using different protocols, TOS, fragmentation 
-- Manual path MTU discovery 
-- Advanced traceroute, under all the supported protocols 
-- Remote OS fingerprinting 
-- Remote uptime guessing 
+- Network testing, using different protocols, TOS, fragmentation
+- Manual path MTU discovery
+- Advanced traceroute, under all the supported protocols
+- Remote OS fingerprinting
+- Remote uptime guessing
 - TCP/IP stacks auditing
 
 N.B. the message "[send_ip] sendto: No route to host" often indicates

net/hping/pkg/PLIST

@@ -1,3 +1,5 @@
-@comment $OpenBSD: PLIST,v 1.6 2015/05/01 17:40:58 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.7 2016/12/05 13:57:20 jca Exp $
+@newgroup _hping:784
+@newuser _hping:784:_hping:default:hping privdrop user:/nonexistent:/sbin/nologin
 @man man/man8/hping.8
 @bin sbin/hping