head 1.6; access; symbols pkgsrc-2013Q2:1.6.0.28 pkgsrc-2013Q2-base:1.6 pkgsrc-2012Q4:1.6.0.26 pkgsrc-2012Q4-base:1.6 pkgsrc-2011Q4:1.6.0.24 pkgsrc-2011Q4-base:1.6 pkgsrc-2011Q2:1.6.0.22 pkgsrc-2011Q2-base:1.6 pkgsrc-2009Q4:1.6.0.20 pkgsrc-2009Q4-base:1.6 pkgsrc-2008Q4:1.6.0.18 pkgsrc-2008Q4-base:1.6 pkgsrc-2008Q3:1.6.0.16 pkgsrc-2008Q3-base:1.6 cube-native-xorg:1.6.0.14 cube-native-xorg-base:1.6 pkgsrc-2008Q2:1.6.0.12 pkgsrc-2008Q2-base:1.6 pkgsrc-2008Q1:1.6.0.10 pkgsrc-2008Q1-base:1.6 pkgsrc-2007Q4:1.6.0.8 pkgsrc-2007Q4-base:1.6 pkgsrc-2007Q3:1.6.0.6 pkgsrc-2007Q3-base:1.6 pkgsrc-2007Q2:1.6.0.4 pkgsrc-2007Q2-base:1.6 pkgsrc-2007Q1:1.6.0.2 pkgsrc-2007Q1-base:1.6 pkgsrc-2006Q4:1.5.0.10 pkgsrc-2006Q4-base:1.5 pkgsrc-2006Q3:1.5.0.8 pkgsrc-2006Q3-base:1.5 pkgsrc-2006Q2:1.5.0.6 pkgsrc-2006Q2-base:1.5 pkgsrc-2006Q1:1.5.0.4 pkgsrc-2006Q1-base:1.5 pkgsrc-2005Q4:1.5.0.2 pkgsrc-2005Q4-base:1.5 pkgsrc-2005Q3:1.4.0.10 pkgsrc-2005Q3-base:1.4 pkgsrc-2005Q2:1.4.0.8 pkgsrc-2005Q2-base:1.4 pkgsrc-2005Q1:1.4.0.6 pkgsrc-2005Q1-base:1.4 pkgsrc-2004Q4:1.4.0.4 pkgsrc-2004Q4-base:1.4 pkgsrc-2004Q3:1.4.0.2 pkgsrc-2004Q3-base:1.4 pkgsrc-2004Q2:1.3.0.6 pkgsrc-2004Q2-base:1.3 pkgsrc-2004Q1:1.3.0.4 pkgsrc-2004Q1-base:1.3 pkgsrc-2003Q4:1.3.0.2 pkgsrc-2003Q4-base:1.3 netbsd-1-6:1.1.1.2.0.8 netbsd-1-6-RELEASE-base:1.1.1.2 pkgviews:1.1.1.2.0.4 pkgviews-base:1.1.1.2 buildlink2:1.1.1.2.0.2 buildlink2-base:1.1.1.2 netbsd-1-5-PATCH003:1.1.1.2 netbsd-1-5-PATCH001:1.1.1.2 pkgsrc-base:1.1.1.2 TNF:1.1.1; locks; strict; comment @# @; 1.6 date 2007.03.05.20.31.53; author adrianp; state dead; branches; next 1.5; 1.5 date 2005.12.08.19.14.47; author joerg; state Exp; branches; next 1.4; 1.4 date 2004.08.14.10.09.15; author adrianp; state dead; branches; next 1.3; 1.3 date 2003.10.01.23.13.13; author recht; state Exp; branches; next 1.2; 1.2 date 2003.01.25.13.59.05; author wiz; state dead; branches; next 1.1; 1.1 date 2001.03.26.05.12.56; author zuntum; state Exp; branches 1.1.1.1; next ; 1.1.1.1 date 
2001.03.26.05.12.56; author zuntum; state Exp; branches; next 1.1.1.2; 1.1.1.2 date 2001.03.26.11.59.15; author hubertf; state Exp; branches; next ; desc @@ 1.6 log @Update to 2.0.8 Patches from Matthias Drochner (thanks !) Version 2.0.8: ------------- More fingerprints, signature cleanup. p0fping.c and diagnostic queries added. Socket ownership fix when dropping privs. Some -O signatures. Version 2.0.7: -------------- Added -0 mode for port 0 wildcards in queries. Added -e option to make p0f work on some boxes. HDLC support added. New fingerprints, including Windows Vista betas. [BUG] Fixed timezone in logs after chroot(). [BUG] Unlikely command-line overflow with VLANs fixed. Version 2.0.6: -------------- [BUG] Fixed pcap naming madness. Support for Cygwin. More signatures. Plenty of -A sigs from Ryan Kruse. [BUG] Fix to a command-line parsing snafu with sprintf; shame on me ;-) Timestamps in masquerade detection. Write PID to /var/run/p0f.pid @ text @$NetBSD: patch-ab,v 1.5 2005/12/08 19:14:47 joerg Exp $ --- p0f.c.orig 2005-12-08 19:10:32.000000000 +0000 +++ p0f.c @@@@ -36,7 +36,9 @@@@ #include #include +#ifndef __DragonFly__ #include +#endif #include #include @ 1.5 log @Use NetBSD rules for DragonFly as well. Don't include both, net/bpf.h and pcap.h, on DragonFly. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @- Update to 2.0.4 - Replace SED with SUBST.* - Improve DESCR - ok'ed snj@@/wiz@@ From the Changelog: Version 2.0.4: -------------- More signatures. Improved documentation, mentions of p0f_db, etc. [BUG] Fixed a minor problem with installation on systems w/o /usr/man/. [BUG] Fixed a DLT_NULL problem, added a new loopback signature. Multiple timestamp options, timestamps now read from pcap dumps. Sync with new Windows port code. [BUG] Fixed one-line reporting for masquerade detection. 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.3 2003/10/01 23:13:13 recht Exp $ d3 11 a13 9 --- config.h.orig 2003-10-02 01:02:16.000000000 +0200 +++ config.h 2003-10-02 01:03:03.000000000 +0200 @@@@ -19,7 +19,7 @@@@ #ifdef WIN32 # define CONFIG_DIR "." #else -# define CONFIG_DIR "/etc/p0f" +# define CONFIG_DIR "@@PKG_SYSCONFDIR@@" #endif /* WIN32 */ a14 1 #define SYN_DB "p0f.fp" @ 1.3 log @Update to 2.0.2 patch provided in PR 22939 by Adrian Portelli Version 2.0.2: -------------- Cleanup of the RST mess in p0fr.fp and p0f.c parser. Added isprint() text preview for -x mode. [BUG] Fixed packet size reporting and matching for packets over 255 bytes (_u8 -> _u16). Extended RST+ACK to also cover plain RST, added some sane explanations of the purpose of each mode. Clarification of the RST vs RST+ACK occurrences; test/sendack.c added. Added -R option for RST+ACK fingerprinting. Created an empty database. Moved databases from /etc to /etc/p0f/ Windows memory leak mystery solved. No longer using pcap timeouts for anything. They suck. I first wanted to use SIGALRM with no SA_RESTART, but it's broken on Linux on this particular syscall. Fortunately, I spotted a mis-documented pcap_fileno and can now use select(). I just hope it won't break. Note to self: despite the documentation saying pcap_open_live with timeout 0 will simply never timeout (which is irrelevant for pcap_loop anyway), it does not work on FreeBSD, inhibiting all packet processing instead. Works fine on Linux. Go figure. Some minor p0fq fixes to prevent warnings. Added some SYN+ACK signatures from rfp (p0fa.fp). Hooray! p0fa.fp is now official. Moved from test/ to ., etc. README updated. [BUG] Fixed the default TTL for IRIX and Tru64 (60), added a note to p0f.fp, fixed TTL checker to also support %30 values. [BUG] Fixed query mode lookup. The old code didn't handle reverse lookups properly. Masquerade scoring data is now available via the query interface. P0fq utility updated to handle this. 
Dropped /bin/bash from p0frep, /bin/sh would suffice. Added a new -c option for -M and -Q cache size scaling, packet ratio information on Ctrl-C to help estimate the right parameter. Extra masquerade detection flags: -T for threshold, -V for detailed flag breakdown; masquerade reporting now recognizes -r. The new -w option writes all matching packets to a pcap file (regardless of -K and -U settings). Added -M option (unix only until p0f-query.c gets ported). This option enables advanced masquerade detection based on the cyclic buffer used by -Q. Added - signature flag to the config file. Some documentation for the new functionality. [BUG] Cleaned up the -K and -U semantics with -Q. Replaced some single-character printfs with putchars in signature reporting code (should be a tad faster). Added signature check reporting, generic signature count and some other minor tweaks. The new -x option provides a hexadecimal TCP/IP packet dump. Useful when comparing two colliding fingerprints to find some differences not covered by the current quirks set. PPPoE interface is now handled correctly on NetBSD. Added a shoddy manpage and updated makefiles. Removed E quirk and added E to the regular options; removed needless EOL append code from the parser. Breaks the old signature format in some rare cases, but the old quirk is still recognized, and the user will be advised to change it. [BUG] Fixed ? option parsing bug that prevented RISC OS signature from working (and would prevent all ? signatures from working, should there be any other ;-). New signatures and other database additions, of course. [BUG] Fixed a very minor parser bug that could cause it to loop over an unknown option with a declared length of zero. This is not a DoS condition, because the parser would quit the loop after parsing max. 16 options anyway. @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @Remove (hi hubert!) 
@ text @d1 1 a1 1 $NetBSD: patch-ab,v 1.1 2001/03/26 05:12:56 zuntum Exp $ d3 9 a11 5 --- Makefile.orig Tue Jun 13 20:45:06 2000 +++ Makefile @@@@ -3,20 +3,19 @@@@ # (c) # d13 1 a13 20 -CC = gcc CLIBS = -lpcap SUNLIBS = -lsocket -lnsl -D_SUN_=1 STRIP = strip -CFLAGS = -O3 -Wall FILE = p0f VERSION = 1.7 DISTRO = p0f.c Makefile README COPYING tcp.h p0f.fp -all: $(FILE) strip +all: $(FILE) $(FILE): p0f.c - $(CC) $(CFLAGS) -DVER=\"$(VERSION)\" -o $@@ $< $(CLIBS) \ + $(CC) $(CFLAGS) -DVER=\"$(VERSION)\" -DPREFIX=\"${PREFIX}\" -o \ + $@@ $< $(CLIBS) \ `uname|egrep -i 'sunos|solar' >/dev/null && echo "$(SUNLIBS)"` strip: @ 1.1 log @Initial revision @ text @d1 1 a1 1 $NetBSD$ @ 1.1.1.1 log @Initial import of p0f-1.7 Passive OS fingerprinting technique based on information coming from remote host when it establishes connection to our system. Captured packets contain enough information to determine OS - and, unlike active scanners (nmap, queSO) - without sending anything to this host. Package contributed by Dawid Szymanski on IRC. @ text @@ 1.1.1.2 log @Add p0f-1.7: passive OS fingerprinting tool Passive OS fingerprinting technique based on information coming from remote host when it establishes connection to our system. Captured packets contain enough information to determine OS - and, unlike active scanners (nmap, queSO) - without sending anything to this host. Submitted by in private mail. @ text @d3 1 a3 1 --- Makefile.orig Mon Mar 26 06:21:15 2001 d5 16 a20 2 @@@@ -16,7 +16,8 @@@@ all: $(FILE) strip @
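Review bot: the `#ifndef __DragonFly__` / `#endif` pair added in the p0f.c hunk (-36,7 +36,9, head revision text) has no comment saying why the include is skipped. The 1.5 log gives the reason (net/bpf.h and pcap.h must not both be included on DragonFly); a one-line comment above the guard stating that would keep the rationale with the code and stop a later update from dropping the guard as dead code.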
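Review bot: the config.h hunk (-19,7 +19,7) replaces "/etc/p0f" in the non-WIN32 `CONFIG_DIR` define with a PKG_SYSCONFDIR placeholder, and nothing in the patch makes the build fail if that placeholder is never substituted. In that case CONFIG_DIR is compiled in as a literal relative name, so the fingerprint database (`SYN_DB "p0f.fp"`) would be looked up relative to whatever directory p0f is started from. Suggest a check after the substitution step that the placeholder no longer appears in config.h.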
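Review bot: in the Makefile hunk (-3,20 +3,19), `-DPREFIX=\"${PREFIX}\"` is added to the `$(FILE)` rule with no fallback, so running the Makefile by hand with PREFIX unset compiles an empty string in as the prefix. A default assignment near the top, overridable by the packaging framework, would avoid that. The same hunk drops `strip` from `all:` but keeps the `strip:` target; either remove the target too or say in the log why it stays.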