1 |
robbat2 08/03/17 08:41:12 |
2 |
|
3 |
Added: conf.d-fprobe fprobe-1.1-pidfile-sanity.patch |
4 |
fprobe-1.1-setgroups.patch init.d-fprobe |
5 |
Log: |
6 |
Patch up the code to work properly under start-stop-daemon, and with the builtin chroot support. Also include Gentoo init.d support finally, modelled after the flow-tools init.d script. |
7 |
(Portage version: 2.1.4.4) |
8 |
|
9 |
Revision Changes Path |
10 |
1.1 net-analyzer/fprobe/files/conf.d-fprobe |
11 |
|
12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/conf.d-fprobe?rev=1.1&view=markup |
13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/conf.d-fprobe?rev=1.1&content-type=text/plain |
14 |
|
15 |
Index: conf.d-fprobe |
16 |
=================================================================== |
17 |
# Config file for /etc/init.d/fprobe |
18 |
|
19 |
# Do we want the interface in promiscous mode [yes/no] |
20 |
#PROMISC=no |
21 |
|
22 |
# Interface |
23 |
IFACE=eth0 |
24 |
|
25 |
# If configured, only capture packets matching this tcpdump expression |
26 |
#FILTER="" |
27 |
|
28 |
# Flow state timers |
29 |
#TIMER_EXPIRED=5 |
30 |
#TIMER_FRAGMENTED=30 |
31 |
#TIMER_IDLE=60 |
32 |
#TIMER_ACTIVE=300 |
33 |
|
34 |
# This is the default and should be left unless you know what you are doing |
35 |
#FLOW_VER=5 |
36 |
|
37 |
# local ip. if configured fprobe will use this as the source IP for sending ALL flow data |
38 |
# If you want to specify a specific source address per collecter, customize it below |
39 |
#LOCALIP= |
40 |
|
41 |
# SNMP iface id |
42 |
SNMP_IFACE="${IFACE//eth}" |
43 |
|
44 |
# Maximum number of concurrent flows to track |
45 |
# using a specified amount of memory |
46 |
#MEMBULK=10000 |
47 |
#MEMLIMIT= |
48 |
|
49 |
# Pending queue |
50 |
#PENDING=100 |
51 |
|
52 |
# Kernel capture buffer size (kB) |
53 |
#KERNBUF=1024 |
54 |
|
55 |
# Realtime priority [0=disabled, 1..99] |
56 |
#RTPRIO=0 |
57 |
|
58 |
# Delay N nanoseconds after each B bytes |
59 |
#DELAY="0:0" |
60 |
|
61 |
# How much of the start of each packet to grab |
62 |
#SNAPLEN=256 |
63 |
|
64 |
# chroot() to this location after startup |
65 |
CHROOT="/var/empty" |
66 |
|
67 |
# User to run as. must have perms to the pidfile directory /var/run/fprobe/ |
68 |
USER=nobody |
69 |
|
70 |
# logging level for syslog (0=EMERG, ..., 6=INFO, 7=DEBUG) |
71 |
#LOGLEVEL=6 |
72 |
|
73 |
# If you want to run multiple instances of fprobe, |
74 |
# You MUST set this variable to a unique INTEGER for each one! |
75 |
PIDFILE_ID='' |
76 |
|
77 |
# remote ip. this is where we send flows |
78 |
REMOTEIP=127.0.0.1 |
79 |
# port to listen on |
80 |
PORT=2055 |
81 |
# Collector type, see the manpage for valid types |
82 |
TYPE='' |
83 |
|
84 |
# If you want multiple collectors, just specify each one here |
85 |
COLLECTORS="${REMOTEIP}:${PORT}/${LOCALIP}/${TYPE}" |
86 |
|
87 |
# vim:ft=gentoo-conf-d: |
88 |
|
89 |
|
90 |
|
91 |
1.1 net-analyzer/fprobe/files/fprobe-1.1-pidfile-sanity.patch |
92 |
|
93 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/fprobe-1.1-pidfile-sanity.patch?rev=1.1&view=markup |
94 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/fprobe-1.1-pidfile-sanity.patch?rev=1.1&content-type=text/plain |
95 |
|
96 |
Index: fprobe-1.1-pidfile-sanity.patch |
97 |
=================================================================== |
98 |
If we are using the chroot() option or the setuid options, we must create the |
99 |
pidfile before doing the chroot OR the setreuid. It's actually best for |
100 |
start-stop-daemon if we create the pidfile from the master side of the fork() |
101 |
before it exits, since most of the startup checks happen after the chroot() |
102 |
unfortunetly. |
103 |
|
104 |
Signed-off-by: Robin H. Johnson <robbat2@g.o> |
105 |
|
106 |
diff -Nuar fprobe-1.1.orig/src/fprobe.c fprobe-1.1/src/fprobe.c |
107 |
--- fprobe-1.1.orig/src/fprobe.c 2005-01-30 08:43:35.000000000 +0000 |
108 |
+++ fprobe-1.1/src/fprobe.c 2008-03-16 20:51:24.000000000 +0000 |
109 |
@@ -1379,7 +1379,8 @@ |
110 |
|
111 |
my_log_open(ident, verbosity, log_dest); |
112 |
if (!(log_dest & 2)) { |
113 |
- switch (fork()) { |
114 |
+ pid_t childpid = fork(); |
115 |
+ switch (childpid) { |
116 |
case -1: |
117 |
fprintf(stderr, "fork(): %s", strerror(errno)); |
118 |
exit(1); |
119 |
@@ -1392,6 +1393,12 @@ |
120 |
break; |
121 |
|
122 |
default: |
123 |
+ if (!(pidfile = fopen(pidfilepath, "w"))) |
124 |
+ my_log(LOG_ERR, "Can't create pid file. fopen(): %s", strerror(errno)); |
125 |
+ else { |
126 |
+ fprintf(pidfile, "%ld\n", (long) childpid); |
127 |
+ fclose(pidfile); |
128 |
+ } |
129 |
exit(0); |
130 |
} |
131 |
} else { |
132 |
@@ -1548,13 +1555,6 @@ |
133 |
} |
134 |
} |
135 |
|
136 |
- if (!(pidfile = fopen(pidfilepath, "w"))) |
137 |
- my_log(LOG_ERR, "Can't create pid file. fopen(): %s", strerror(errno)); |
138 |
- else { |
139 |
- fprintf(pidfile, "%ld\n", (long) pid); |
140 |
- fclose(pidfile); |
141 |
- } |
142 |
- |
143 |
my_log(LOG_INFO, "pid: %d", pid); |
144 |
my_log(LOG_INFO, "interface: %s, datalink: %s (%d)", |
145 |
dev, dlt[link_type_idx].descr, link_type); |
146 |
|
147 |
|
148 |
|
149 |
1.1 net-analyzer/fprobe/files/fprobe-1.1-setgroups.patch |
150 |
|
151 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/fprobe-1.1-setgroups.patch?rev=1.1&view=markup |
152 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/fprobe-1.1-setgroups.patch?rev=1.1&content-type=text/plain |
153 |
|
154 |
Index: fprobe-1.1-setgroups.patch |
155 |
=================================================================== |
156 |
This seems to fail after the chroot(), so just squelch the exit for now. |
157 |
|
158 |
Signed-off-by: Robin H. Johnson <robbat2@g.o> |
159 |
|
160 |
diff -Nuar fprobe-1.1/src/fprobe.c fprobe-1.1.new/src/fprobe.c |
161 |
--- fprobe-1.1/src/fprobe.c 2008-03-17 00:06:43.000000000 +0000 |
162 |
+++ fprobe-1.1.new/src/fprobe.c 2008-03-17 00:07:30.000000000 +0000 |
163 |
@@ -1541,10 +1541,10 @@ |
164 |
} |
165 |
|
166 |
if (pw) { |
167 |
if (setgroups(0, NULL) < 0) { |
168 |
my_log(LOG_CRIT, "setgroups: %s", strerror(errno)); |
169 |
- exit(1); |
170 |
+ //exit(1); |
171 |
} |
172 |
if (setregid(pw->pw_gid, pw->pw_gid)) { |
173 |
my_log(LOG_CRIT, "setregid(%u): %s", pw->pw_gid, strerror(errno)); |
174 |
exit(1); |
175 |
|
176 |
|
177 |
|
178 |
1.1 net-analyzer/fprobe/files/init.d-fprobe |
179 |
|
180 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/init.d-fprobe?rev=1.1&view=markup |
181 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-analyzer/fprobe/files/init.d-fprobe?rev=1.1&content-type=text/plain |
182 |
|
183 |
Index: init.d-fprobe |
184 |
=================================================================== |
185 |
#!/sbin/runscript |
186 |
# Copyright 1999-2008 Gentoo Foundation |
187 |
# Distributed under the terms of the GNU General Public License v2 |
188 |
|
189 |
depend() { |
190 |
need net |
191 |
} |
192 |
|
193 |
BIN=/usr/sbin/fprobe |
194 |
PIDFILE_EXTRA="" |
195 |
[ -n "$PIDFILE_ID" ] && PIDFILE_EXTRA="[$PIDFILE_ID]" |
196 |
PIDFILE="/var/run/fprobe$PIDFILE_EXTRA.pid" |
197 |
|
198 |
start() { |
199 |
ebegin "Starting fprobe" |
200 |
local OPTS="" |
201 |
[ "${PROMISC}" == "yes" ] && OPTS="${OPTS} -p" |
202 |
[ -n "${FILTER}" ] && OPTS="${OPTS} -f '${FILTER}'" |
203 |
for optname in i:IFACE s:TIMER_EXPIRED g:TIME_FRAGMENTED d:TIMER_IDLE \ |
204 |
e:TIMER_ACTIVE n:FLOW_VER a:LOCALIP x:SNMP_IFACE b:MEMBULK \ |
205 |
m:MEMLIMIT q:PENDING B:KERNBUF r:RTPRIO t:DELAY S:SNAPLEN \ |
206 |
c:CHROOT u:USER v:LOGLEVEL ; do |
207 |
opt="${optname/:*}" optvar="${optname/*:}" |
208 |
optvalue="${!optvar}" |
209 |
[ -n "$optvalue" ] && OPTS="${OPTS} -${opt} ${optvalue}" |
210 |
done |
211 |
OPTS="${OPTS} -l 1:${PIDFILE_ID} ${COLLECTORS}" |
212 |
start-stop-daemon --start --exec $BIN \ |
213 |
--pidfile ${PIDFILE} \ |
214 |
-- ${OPTS} |
215 |
eend $? |
216 |
} |
217 |
|
218 |
stop() { |
219 |
ebegin "Stopping fprobe" |
220 |
start-stop-daemon --stop --quiet --exec $BIN \ |
221 |
--pidfile ${PIDFILE} |
222 |
eend $? |
223 |
} |
224 |
|
225 |
# vim:ft=gentoo-init-d: |
226 |
|
227 |
|
228 |
|
229 |
-- |
230 |
gentoo-commits@l.g.o mailing list |