import security/p0f3 (separate non-conflicting port to p0f as the rewrite uses

different database files than the earlier one / pf / tcpdump), ok giovanni@ P0f is a tool that utilizes an array of sophisticated, purely passive traffic fingerprinting mechanisms to identify the players behind any incidental TCP/IP communications (often as little as a single normal SYN) without interfering in any way. Version 3 is a complete rewrite of the original codebase, incorporating a significant number of improvements to network-level fingerprinting, and introducing the ability to reason about application-level payloads (e.g., HTTP). The tool can be operated in the foreground or as a daemon, and offers a simple real-time API (via unix domain sockets) for third-party components that wish to obtain additional information about the actors they are talking to.
2015-01-08 22:03:20 +00:00 · 2015-01-08 22:03:20 +00:00 · a77dd04035
commit a77dd04035
parent d1f7b823f8
6 changed files with 97 additions and 0 deletions
--- a/security/p0f3/Makefile
+++ b/security/p0f3/Makefile
@ -0,0 +1,34 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2015/01/08 22:03:20 sthen Exp $
+
+COMMENT=	passive OS fingerprinting tool
+
+V=		3.08b
+DISTNAME=	p0f-$V
+PKGNAME=	p0f3-$V
+EXTRACT_SUFX=	.tgz
+CATEGORIES=     security net
+
+HOMEPAGE=	http://lcamtuf.coredump.cx/p0f.shtml
+
+# LGPLv2.1
+PERMIT_PACKAGE_CDROM=	Yes
+
+WANTLIB += c pcap
+
+MASTER_SITES=	http://lcamtuf.coredump.cx/p0f3/releases/
+
+BUILD_DEPENDS=	shells/bash
+
+NO_TEST=	Yes
+
+post-extract:
+	perl -pi -e 's,^#!/bin/bash,#!${LOCALBASE}/bin/bash,' ${WRKSRC}/build.sh
+	perl -pi -e 's,^/etc/,${SYSCONFDIR}/,g' ${WRKSRC}/config.h
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/p0f ${PREFIX}/sbin/p0f3
+	${INSTALL_DATA_DIR} ${PREFIX}/share/{examples,doc}/p0f3
+	${INSTALL_DATA} ${WRKSRC}/docs/* ${PREFIX}/share/doc/p0f3/
+	${INSTALL_DATA} ${WRKSRC}/p0f.fp ${PREFIX}/share/examples/p0f3/p0f3.fp
+
+.include <bsd.port.mk>
--- a/security/p0f3/distinfo
+++ b/security/p0f3/distinfo
@ -0,0 +1,2 @@
+SHA256 (p0f-3.08b.tgz) = 2omn/kul2zcEIH9L3iMWQ77dT+hlOrgRHGV2bIx2iuw=
+SIZE (p0f-3.08b.tgz) = 92573
--- a/security/p0f3/patches/patch-build_sh
+++ b/security/p0f3/patches/patch-build_sh
@ -0,0 +1,24 @@
+$OpenBSD: patch-build_sh,v 1.1.1.1 2015/01/08 22:03:20 sthen Exp $
+--- build.sh.orig	Wed Jan  7 15:09:18 2015
+++ build.sh	Wed Jan  7 15:10:36 2015
+@@ -81,8 +81,8 @@ if [ "$1" = "clean" -o "$1" = "publish" ]; then
+ elif [ "$1" = "all" -o "$1" = "" ]; then
+ 
+   echo "[+] Configuring production build."
+-  BASIC_CFLAGS="$BASIC_CFLAGS -O3"
+-  USE_CFLAGS="$USE_CFLAGS -O3"
+  #BASIC_CFLAGS="$BASIC_CFLAGS -O3"
+  #USE_CFLAGS="$USE_CFLAGS -O3"
+ 
+ elif [ "$1" = "debug" ]; then
+ 
+@@ -318,7 +318,8 @@ echo -n "[*] Compiling $PROGNAME... "
+ 
+ rm -f "$PROGNAME" || exit 1
+ 
+-$CC $USE_CFLAGS $USE_LDFLAGS "$PROGNAME.c" $OBJFILES -o "$PROGNAME" $USE_LIBS &>"$TMP.log"
+echo $CC $USE_CFLAGS $USE_LDFLAGS "$PROGNAME.c" $OBJFILES -o "$PROGNAME" $USE_LIBS
+$CC $USE_CFLAGS $USE_LDFLAGS "$PROGNAME.c" $OBJFILES -o "$PROGNAME" $USE_LIBS 2>&1 | tee "$TMP.log"
+ 
+ if [ ! -x "$PROGNAME" ]; then
+ 
--- a/security/p0f3/patches/patch-config_h
+++ b/security/p0f3/patches/patch-config_h
@ -0,0 +1,12 @@
+$OpenBSD: patch-config_h,v 1.1.1.1 2015/01/08 22:03:20 sthen Exp $
+--- config.h.orig	Wed Jan  7 16:03:43 2015
+++ config.h	Wed Jan  7 16:04:11 2015
+@@ -20,7 +20,7 @@
+ /* Default location of p0f.fp: */
+ 
+ #ifndef FP_FILE
+-#  define FP_FILE           "p0f.fp"
+#  define FP_FILE           "/etc/p0f/p0f3.fp"
+ #endif /* !FP_FILE */
+ 
+ /* Initial permissions on log files: */
--- a/security/p0f3/pkg/DESCR
+++ b/security/p0f3/pkg/DESCR
@ -0,0 +1,12 @@
+P0f is a tool that utilizes an array of sophisticated, purely passive
+traffic fingerprinting mechanisms to identify the players behind any
+incidental TCP/IP communications (often as little as a single normal SYN)
+without interfering in any way. Version 3 is a complete rewrite of the
+original codebase, incorporating a significant number of improvements to
+network-level fingerprinting, and introducing the ability to reason about
+application-level payloads (e.g., HTTP).
+
+The tool can be operated in the foreground or as a daemon, and offers a
+simple real-time API (via unix domain sockets) for third-party components
+that wish to obtain additional information about the actors they are
+talking to.
--- a/security/p0f3/pkg/PLIST
+++ b/security/p0f3/pkg/PLIST
@ -0,0 +1,13 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2015/01/08 22:03:20 sthen Exp $
+@bin sbin/p0f3
+share/doc/p0f3/
+share/doc/p0f3/COPYING
+share/doc/p0f3/ChangeLog
+share/doc/p0f3/README
+share/doc/p0f3/TODO
+share/doc/p0f3/existential-notes.txt
+share/doc/p0f3/extra-sigs.txt
+share/examples/p0f3/
+@sample ${SYSCONFDIR}/p0f/
+share/examples/p0f3/p0f3.fp
+@sample ${SYSCONFDIR}/p0f/p0f3.fp