Initail import of aguri-0.5

-- Aguri is an aggregation-based traffic profiler targeted for near real-time, long-term, and wide-area traffic monitoring. Aguri adapts itself to spatial traffic distribution by aggregating small volume flows into aggregates, and achieves temporal aggregation by creating a summary of summaries applying the same algorithm to its outputs. From: Jose Nazario <jose@crimelabs.net>
2003-05-04 18:57:29 +00:00 · 2003-05-04 18:57:29 +00:00 · ac7eb24eb5
commit ac7eb24eb5
parent 9e0d29307c
5 changed files with 120 additions and 0 deletions
--- a/net/aguri/Makefile
+++ b/net/aguri/Makefile
@ -0,0 +1,32 @@
+# $OpenBSD: Makefile,v 1.1.1.1 2003/05/04 18:57:29 margarida Exp $
+
+COMMENT=		"aggregation-based Network Traffic Profiler"
+
+DISTNAME=		aguri-0.5
+CATEGORIES=		net
+
+HOMEPAGE=		http://www.csl.sony.co.jp/person/kjc/software.html
+
+MAINTAINER=		Jose Nazario <jose@crimelabs.net>
+
+# BSD
+PERMIT_PACKAGE_CDROM=	Yes 
+PERMIT_PACKAGE_FTP=	Yes
+PERMIT_DISTFILES_CDROM=	Yes 
+PERMIT_DISTFILES_FTP=	Yes
+
+MASTER_SITES=		ftp://ftp.csl.sony.co.jp/pub/kjc/
+
+USE_X11=		Yes
+MAKE_FLAGS=		CC="${CC}" CFLAGS="${CFLAGS}"
+
+post-install:
+		${INSTALL_SCRIPT_DIR} ${PREFIX}/share/aguri/
+.for script in README agurify.pl density.pl makeplot.pl
+		${INSTALL_SCRIPT} ${WRKDIST}/scripts/${script} \
+			${PREFIX}/share/aguri
+.endfor
+
+NO_REGRESS=		Yes
+
+.include <bsd.port.mk>
--- a/net/aguri/distinfo
+++ b/net/aguri/distinfo
@ -0,0 +1,3 @@
+MD5 (aguri-0.5.tar.gz) = ae25dec143a29e92be3b314dd5af2991
+RMD160 (aguri-0.5.tar.gz) = 0689c5eab30fc578307cb02c430edb02208c0f71
+SHA1 (aguri-0.5.tar.gz) = 3d2e909481f99ed0e4497ab87d3b93758ec31572
--- a/net/aguri/patches/patch-read_pcap_c
+++ b/net/aguri/patches/patch-read_pcap_c
@ -0,0 +1,59 @@
+$OpenBSD: patch-read_pcap_c,v 1.1.1.1 2003/05/04 18:57:29 margarida Exp $
+--- read_pcap.c.orig	Thu Mar 22 02:19:46 2001
+++ read_pcap.c	Sat Feb 22 14:37:30 2003
+@@ -36,6 +36,7 @@
+ #include <sys/socket.h>
+ #include <sys/queue.h>
+ #include <net/if.h>
+#include <net/if_pflog.h>
+ #include <netinet/in.h>
+ #include <netinet/in_systm.h>
+ #include <netinet/if_ether.h>
+@@ -63,6 +64,8 @@
+ 
+ static void ether_if_read(u_char *user, const struct pcap_pkthdr *h,
+ 			  const u_char *p);
+static void pflog_if_read(u_char *user, const struct pcap_pkthdr *h,
+			  const u_char *p);
+ static void fddi_if_read(u_char *user, const struct pcap_pkthdr *h,
+ 			 const u_char *p);
+ static void atm_if_read(u_char *user, const struct pcap_pkthdr *h,
+@@ -115,6 +118,7 @@ static struct printer printers[] = {
+ #endif
+ 	{ ppp_if_read,	DLT_PPP },
+ 	{ null_if_read,	DLT_NULL },
+	{ pflog_if_read,	DLT_PFLOG },
+ 	{ NULL,			0 },
+ };
+ 
+@@ -173,6 +177,30 @@ ether_if_read(u_char *user, const struct
+ 	} else if (ether_encap_read(ether_type, p, length, caplen) == 0) {
+ 		/* ether_type not known */
+ 	}
+}
+
+static void
+pflog_if_read(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
+{
+	int caplen = h->caplen;
+	int length = h->len;
+
+	if (caplen < PFLOG_HDRLEN) {
+		return;
+	}
+
+	/*
+	 * Some printers want to get back at the ethernet addresses,
+	 * and/or check that they're not walking off the end of the packet.
+	 * Rather than pass them all the way down, we set these globals.
+	 */
+	packetp = p;
+	snapend = p + caplen;
+
+	p += PFLOG_HDRLEN;
+	length -= PFLOG_HDRLEN;
+	caplen -= PFLOG_HDRLEN;
+	ip_read(p, length);
+ }
+ 
+ static int
--- a/net/aguri/pkg/DESCR
+++ b/net/aguri/pkg/DESCR
@ -0,0 +1,18 @@
+Aguri is an aggregation-based traffic profiler targeted for 
+near real-time, long-term, and wide-area traffic monitoring. 
+Aguri adapts itself to spatial traffic distribution by 
+aggregating small volume flows into aggregates, and achieves
+temporal aggregation by creating a summary of summaries applying
+the same algorithm to its outputs.
+A set of scripts are used for archiving and visualizing summaries
+in different time scales. Aguri does not need a predefined rule 
+set and is capable of detecting an unexpected increase of unknown
+protocols or DoS attacks, which considerably simplifies the task
+of network monitoring.
+
+Aguri monitors network traffic using libpcap(3), and produces a
+summary when it receives a HUP signal. Periodic summaries can be
+obtained by sending HUP signals from cron(8) to the running aguri 
+program.
+
+WWW: ${HOMEPAGE}
--- a/net/aguri/pkg/PLIST
+++ b/net/aguri/pkg/PLIST
@ -0,0 +1,8 @@
+@comment $OpenBSD: PLIST,v 1.1.1.1 2003/05/04 18:57:29 margarida Exp $
+bin/aguri
+man/man1/aguri.1
+share/aguri/README
+share/aguri/agurify.pl
+share/aguri/density.pl
+share/aguri/makeplot.pl
+@dirrm share/aguri