Package: p0f
Version: 3.09b
Severity: wishlist
Tags: patch

I like the output of the log file, but I don't like the normal output as it's
too long.  This patch was against 3.06b but should apply to 3.09b.

Option -q makes the output mostly quiet; a small amount of output remains.
Option -o has been enhanced to allow - as the name to indicate stdout.

I wrote this for myself and documentation was not important so the changes
weren't documented anywhere, thus also not in the patch.

If there is interest, I can add the documentation.
--- p0f.c	2012-09-30 00:44:27.000000000 -0400
+++ /home/wakko/p0f-3.06b/p0f.c	2012-11-05 19:35:20.028244647 -0500
@@ -1,5 +1,6 @@
 /*
-   p0f - main entry point and all the pcap / unix socket innards
+   p0f - main
+    entry point and all the pcap / unix socket innards
    -------------------------------------------------------------
 
    Copyright (C) 2012 by Michal Zalewski <lcam...@coredump.cx>
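Review bot: The file header comment is split across two lines at `p0f - main` / `entry point and all the pcap / unix socket innards` for no reason connected to the -q/-o change; this looks like an accidental edit and the hunk should be dropped from the patch. Keeping the original single line `p0f - main entry point and all the pcap / unix socket innards` also keeps the patch focused on its stated purpose.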
@@ -93,6 +94,8 @@
 u8 daemon_mode;                         /* Running in daemon mode?            */
 
 static u8 set_promisc;                  /* Use promiscuous mode?              */
+
+static u8 set_quiet;                    /* Don't output anything.  Use -o to log */
          
 static pcap_t *pt;                      /* PCAP capture thingy                */
 
@@ -217,7 +220,10 @@
 static void open_log(void) {
 
   struct stat st;
-  s32 log_fd;
+  s32 log_fd = -1;
+
+  if (log_file && log_file[0] == '-' && log_file[1] == 0)
+    goto lf_open;
 
   log_fd = open((char*)log_file, O_WRONLY | O_APPEND | O_NOFOLLOW | O_LARGEFILE);
 
@@ -241,11 +247,21 @@
   if (flock(log_fd, LOCK_EX | LOCK_NB))
     FATAL("'%s' is being used by another process.", log_file);
 
-  lf = fdopen(log_fd, "a");
-
-  if (!lf) FATAL("fdopen() on '%s' failed.", log_file);
-
-  SAYF("[+] Log file '%s' opened for writing.\n", log_file);
+lf_open:
+  lf = (log_fd == -1) ?
+	fdopen(1, "w") :
+	fdopen(log_fd, "a");
+
+  if (!lf)
+  	FATAL("fdopen() on '%s' failed.",
+  	(int)log_fd == -1 ? 
+  	"stdout" :
+  	(char *)log_file);
+
+  if (log_fd == -1)
+    SAYF("[+] Log file using stdout for writing.\n");
+  else
+    SAYF("[+] Log file '%s' opened for writing.\n", log_file);
 
 }
 
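Review bot: `fdopen(1, "w")` creates a second FILE stream on descriptor 1 with its own buffer, so if SAYF writes through stdout (the banner printed right below suggests it does) the `[+] Log file using stdout` message and the LOGF lines can reach the terminal out of order, since the two buffers are flushed independently. Assigning the existing stream avoids the duplicate buffer: `lf = (log_fd == -1) ? stdout : fdopen(log_fd, "a");`. The `(int)` cast in the FATAL condition is redundant because `log_fd` is already `s32`, and the tab indentation on those lines differs from the two-space style of the surrounding code.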
@@ -311,7 +327,7 @@
 
   if (obs_fields) FATAL("Premature end of observation.");
 
-  if (!daemon_mode) {
+  if (!daemon_mode && !set_quiet) {
 
     SAYF(".-[ %s/%u -> ", addr_to_str(f->client->addr, f->client->ip_ver),
          f->cli_port);
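Review bot: The guard `!daemon_mode && !set_quiet` is now written out three times (here and in the next two hunks), so a future output site can easily pick up only half of it. A single file-scope predicate, e.g. `static inline u8 show_flow_output(void) { return !daemon_mode && !set_quiet; }`, used at all three sites keeps them in sync. The enclosing functions start outside these hunks, so I could not check whether other SAYF calls in them should be gated the same way.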
@@ -353,7 +369,7 @@
 
   if (!obs_fields) FATAL("Unexpected observation field ('%s').", key);
 
-  if (!daemon_mode)
+  if (!daemon_mode && !set_quiet)
     SAYF("| %-8s = %s\n", key, value ? value : (u8*)"???");
 
   if (log_file) LOGF("|%s=%s", key, value ? value : (u8*)"???");
@@ -362,7 +378,7 @@
 
   if (!obs_fields) {
 
-    if (!daemon_mode) SAYF("|\n`----\n\n");
+    if (!daemon_mode && !set_quiet) SAYF("|\n`----\n\n");
 
     if (log_file) LOGF("\n");
 
@@ -1022,7 +1038,7 @@
   if (getuid() != geteuid())
     FATAL("Please don't make me setuid. See README for more.\n");
 
-  while ((r = getopt(argc, argv, "+LS:df:i:m:o:pr:s:t:u:")) != -1) switch (r) {
+  while ((r = getopt(argc, argv, "+LS:df:i:m:o:pr:qs:t:u:")) != -1) switch (r) {
 
     case 'L':
 
@@ -1104,6 +1120,10 @@
       set_promisc = 1;
       break;
 
+    case 'q':
+      set_quiet = 1;
+      break;
+
     case 'r':
 
       if (read_file)
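Review bot: The new `case 'q'` has no matching entry in the usage text, so `-q` (and the new `-o -` form) are invisible to anyone running p0f without arguments; the report acknowledges this. The usage function is outside this hunk, but a one-line entry such as `-q  - suppress per-flow output (requires -o)` next to the `-p` description would be enough, plus the README/man page if the option is meant to be kept.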
@@ -1168,6 +1188,13 @@
   if (!api_sock && api_max_conn != API_MAX_CONN)
     FATAL("Option -S makes sense only with -s.");
 
+  if (set_quiet) {
+    if (daemon_mode)
+      FATAL("Daemon mode is already quiet");
+    if (!log_file)
+      FATAL("Quiet requires a log file");
+  }
+
   if (daemon_mode) {
 
     if (read_file)
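Review bot: The new checks reject `-q` with `-d` but not `-o -` with `-d`, and if daemon mode detaches from the terminal and redirects descriptor 1 (as daemonizing code usually does), a stdout log would be silently discarded. A guard beside the two new ones, `if (daemon_mode && log_file && !strcmp((char*)log_file, "-")) FATAL("Logging to stdout (-o -) cannot be used with -d.");`, closes that gap. The two new FATAL messages also lack the trailing period used by the neighbouring `Option -S makes sense only with -s.`.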
