After discussing this with Stuart, let's update the existing hping port instead of adding another one. The interface is the same and we don't bake Tcl support into the executable anyway.
ok? (now using user/uid _hping/784 instead of _hping3/783) Index: Makefile =================================================================== RCS file: /d/cvs/ports/net/hping/Makefile,v retrieving revision 1.31 diff -u -p -r1.31 Makefile --- Makefile 11 Nov 2016 21:07:29 -0000 1.31 +++ Makefile 4 Dec 2016 19:05:40 -0000 @@ -1,10 +1,13 @@ # $OpenBSD: Makefile,v 1.31 2016/11/11 21:07:29 jca Exp $ -COMMENT= TCP/UDP ping/traceroute tool +COMMENT= command-line oriented TCP/IP packet assembler/analyzer + +GH_ACCOUNT= antirez +GH_PROJECT= hping +GH_COMMIT= 3547c7691742c6eaa31f8402e0ccbb81387c1b99 +DISTNAME= hping-3.0.0-alpha-1 +PKGNAME= hping-3.0.0pre1 -DISTNAME= hping2.0.0-rc3 -PKGNAME= hping-2.0.0rc3 -REVISION= 4 CATEGORIES= net HOMEPAGE= http://www.hping.org/ @@ -14,23 +17,19 @@ PERMIT_PACKAGE_CDROM= Yes WANTLIB= c pcap -MASTER_SITES= ${HOMEPAGE} - -WRKDIST= ${WRKDIR}/${DISTNAME:S/.0.0//} +CONFIGURE_STYLE=simple +CONFIGURE_ARGS= --no-tcl MAKE_FLAGS= CC="${CC}" \ - CCOPT="${CFLAGS}" - -CONFIGURE_STYLE=simple + CFLAGS="${CFLAGS}" -USE_GROFF = Yes NO_TEST= Yes -pre-install: - sed -i "s,hping2,hping," ${WRKSRC}/docs/hping2.8 +post-extract: + sed -i 's/hping2/hping/g; s/HPING2/HPING/g' ${WRKSRC}/docs/hping3.8 do-install: - ${INSTALL_PROGRAM} ${WRKSRC}/hping2 ${PREFIX}/sbin/hping - ${INSTALL_MAN} ${WRKSRC}/docs/hping2.8 ${PREFIX}/man/man8/hping.8 + ${INSTALL_PROGRAM} ${WRKBUILD}/hping3 ${PREFIX}/sbin/hping + ${INSTALL_MAN} ${WRKSRC}/docs/hping3.8 ${PREFIX}/man/man8/hping.8 .include <bsd.port.mk> Index: distinfo =================================================================== RCS file: /d/cvs/ports/net/hping/distinfo,v retrieving revision 1.7 diff -u -p -r1.7 distinfo --- distinfo 18 Jan 2015 03:14:39 -0000 1.7 +++ distinfo 4 Dec 2016 18:50:23 -0000 @@ -1,2 +1,2 @@ -SHA256 (hping2.0.0-rc3.tar.gz) = 9ZKS3jm5pAEEFL0SCklCJjmXZxSO+jcni9U9lhMWeWQ= -SIZE (hping2.0.0-rc3.tar.gz) = 124573 +SHA256 (hping-3.0.0-alpha-1.tar.gz) = 9PrQGX9JP6eFRgRdvG2kBAwsgPxOM7jTIK9rFdqxlRk= +SIZE (hping-3.0.0-alpha-1.tar.gz) = 572322 Index: patches/patch-Makefile_in =================================================================== RCS file: /d/cvs/ports/net/hping/patches/patch-Makefile_in,v retrieving revision 1.1 diff -u -p -r1.1 patch-Makefile_in --- patches/patch-Makefile_in 24 Apr 2005 22:59:08 -0000 1.1 +++ patches/patch-Makefile_in 4 Dec 2016 18:49:14 -0000 @@ -1,21 +1,14 @@ $OpenBSD: patch-Makefile_in,v 1.1 2005/04/24 22:59:08 alek Exp $ ---- Makefile.in.orig Mon May 3 11:29:39 2004 -+++ Makefile.in Mon Apr 25 00:06:21 2005 -@@ -10,7 +10,7 @@ CC= gcc +--- Makefile.in.orig Thu Nov 10 14:16:59 2016 ++++ Makefile.in Thu Nov 10 14:17:30 2016 +@@ -9,8 +9,8 @@ + CC= gcc AR=/usr/bin/ar RANLIB=/usr/bin/ranlib - CCOPT= -O2 -Wall @PCAP_INCLUDE@ +-CCOPT= -O2 -Wall @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@ -DEBUG= -g ++CCOPT= -Wall ${CFLAGS} @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@ +DEBUG= #uncomment the following if you need libpcap based build under linux #(not raccomanded) - COMPILE_TIME= @FORCE_LIBPCAP@ -@@ -39,7 +39,7 @@ ARSOBJ = ars.o apd.o split.o - all: hping2 - - libars.a: $(ARSOBJ) -- $(AR) rc $@ $^ -+ $(AR) rc $@ $(ARSOBJ) - $(RANLIB) $@ - - hping2: byteorder.h $(OBJ) + COMPILE_TIME= Index: patches/patch-bytesex_h =================================================================== RCS file: patches/patch-bytesex_h diff -N patches/patch-bytesex_h --- patches/patch-bytesex_h 1 May 2015 17:40:58 -0000 1.3 +++ /dev/null 1 Jan 1970 00:00:00 -0000 @@ -1,30 +0,0 @@ -$OpenBSD: patch-bytesex_h,v 1.3 2015/05/01 17:40:58 ajacoutot Exp $ ---- bytesex.h.orig Sat Jun 18 08:40:22 2005 -+++ bytesex.h Sat Jun 18 08:42:22 2005 -@@ -4,20 +4,17 @@ - - /* $Id: patch-bytesex_h,v 1.3 2015/05/01 17:40:58 ajacoutot Exp $ */ - -+#include <endian.h> -+ - #ifndef ARS_BYTESEX_H - #define ARS_BYTESEX_H - --#if defined(__i386__) \ -- || defined(__alpha__) \ -- || (defined(__mips__) && (defined(MIPSEL) || defined (__MIPSEL__))) -+#if BYTE_ORDER == LITTLE_ENDIAN - #define BYTE_ORDER_LITTLE_ENDIAN --#elif defined(__mc68000__) \ -- || defined (__sparc__) \ -- || defined (__sparc) \ -- || defined (__PPC__) \ -- || defined (__BIG_ENDIAN__) \ -- || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__))) -+ -+#elif BYTE_ORDER == BIG_ENDIAN - #define BYTE_ORDER_BIG_ENDIAN -+ - #else - # error can not find the byte order for this architecture, fix bytesex.h - #endif Index: patches/patch-getlhs_c =================================================================== RCS file: /d/cvs/ports/net/hping/patches/patch-getlhs_c,v retrieving revision 1.1 diff -u -p -r1.1 patch-getlhs_c --- patches/patch-getlhs_c 2 Apr 2013 15:15:53 -0000 1.1 +++ patches/patch-getlhs_c 4 Dec 2016 20:09:16 -0000 @@ -1,11 +1,14 @@ $OpenBSD: patch-getlhs_c,v 1.1 2013/04/02 15:15:53 sthen Exp $ ---- getlhs.c.orig Tue Apr 2 16:09:52 2013 -+++ getlhs.c Tue Apr 2 16:10:57 2013 -@@ -62,6 +62,7 @@ int get_linkhdr_size(char *ifname) + +- handle pppoe interfaces + +--- getlhs.c.orig Fri Dec 26 15:31:29 2014 ++++ getlhs.c Sun Dec 4 20:53:14 2016 +@@ -62,6 +62,7 @@ int dltype_to_lhs(int dltype) #ifdef DLT_ATM_CLIP case DLT_ATM_CLIP: #endif + case DLT_PPP_ETHER: - linkhdr_size = 8; + lhs = 8; break; #ifdef DLT_C_HDLC Index: patches/patch-main_c =================================================================== RCS file: /d/cvs/ports/net/hping/patches/patch-main_c,v retrieving revision 1.1 diff -u -p -r1.1 patch-main_c --- patches/patch-main_c 24 Apr 2005 22:59:08 -0000 1.1 +++ patches/patch-main_c 4 Dec 2016 19:59:43 -0000 @@ -1,7 +1,41 @@ $OpenBSD: patch-main_c,v 1.1 2005/04/24 22:59:08 alek Exp $ ---- main.c.orig Sun Apr 24 20:31:59 2005 -+++ main.c Sun Apr 24 20:49:52 2005 -@@ -315,24 +315,24 @@ int main(int argc, char **argv) + +- drop privileges to a dedicated user + +--- main.c.orig Fri Dec 26 15:31:29 2014 ++++ main.c Sun Dec 4 20:59:40 2016 +@@ -27,6 +27,8 @@ + #include <sys/time.h> + #include <sys/types.h> + #include <pcap.h> ++#include <pwd.h> ++#include <errno.h> + + #include "hping2.h" + +@@ -254,6 +256,21 @@ int main(int argc, char **argv) + exit(1); + } + ++ if (!getuid()) { ++ struct passwd *pw; ++ pw = getpwnam("_hping"); ++ if (pw == NULL) { ++ printf("[main] can't drop privs: no such user\n"); ++ exit(1); ++ } ++ if (setgroups(1, &pw->pw_gid) == -1 || ++ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 || ++ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) { ++ printf("[main] can't drop privs: %s\n", strerror(errno)); ++ exit(1); ++ } ++ } ++ + /* get physical layer header size */ + if ( get_linkhdr_size(ifname) == -1 ) { + printf("[main] physical layer header size unknown\n"); +@@ -324,24 +341,24 @@ int main(int argc, char **argv) } if (opt_rawipmode) { Index: patches/patch-sendip_c =================================================================== RCS file: patches/patch-sendip_c diff -N patches/patch-sendip_c --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ patches/patch-sendip_c 4 Dec 2016 18:48:25 -0000 @@ -0,0 +1,15 @@ +$OpenBSD$ +--- sendip.c.orig Fri Dec 26 15:31:29 2014 ++++ sendip.c Tue Nov 22 03:17:46 2016 +@@ -111,7 +111,11 @@ void send_ip (char* src, char *dst, char *data, unsign + (struct sockaddr*)&remote, sizeof(remote)); + + if (result == -1 && errno != EINTR && !opt_rand_dest && !opt_rand_source) { ++ int save_errno = errno; + perror("[send_ip] sendto"); ++ if (save_errno == EHOSTUNREACH) ++ printf("[send_ip] " ++ "Note that PF might be blocking your packets.\n"); + if (close(sockraw) == -1) + perror("[ipsender] close(sockraw)"); + if (close_pcap() == -1) Index: patches/patch-waitpacket_c =================================================================== RCS file: /d/cvs/ports/net/hping/patches/patch-waitpacket_c,v retrieving revision 1.2 diff -u -p -r1.2 patch-waitpacket_c --- patches/patch-waitpacket_c 24 Apr 2005 22:59:08 -0000 1.2 +++ patches/patch-waitpacket_c 4 Dec 2016 19:55:11 -0000 @@ -1,7 +1,7 @@ $OpenBSD: patch-waitpacket_c,v 1.2 2005/04/24 22:59:08 alek Exp $ ---- waitpacket.c.orig Fri Dec 13 16:01:57 2002 -+++ waitpacket.c Sun Apr 24 21:00:52 2005 -@@ -361,15 +361,15 @@ int recv_tcp(void *packet, size_t size) +--- waitpacket.c.orig Fri Dec 26 15:31:29 2014 ++++ waitpacket.c Sun Dec 4 20:55:11 2016 +@@ -375,15 +375,15 @@ int recv_tcp(void *packet, size_t size) goto out; flags[0] = '\0'; Index: pkg/DESCR =================================================================== RCS file: /d/cvs/ports/net/hping/pkg/DESCR,v retrieving revision 1.5 diff -u -p -r1.5 DESCR --- pkg/DESCR 2 Apr 2013 15:15:53 -0000 1.5 +++ pkg/DESCR 4 Dec 2016 18:52:23 -0000 @@ -2,17 +2,17 @@ hping is a command-line oriented TCP/IP interface is inspired by the ping(8) unix command, but hping isn't just for sending ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files in a covert -channel, and many other features. While hping was mainly used as a +channel, and many other features. While hping was mainly used as a security tool in the past, it can be used in many ways by people that don't care about security to test networks and hosts. A subset of the -stuff you can do using hping: +stuff you can do using hping: - Firewall testing Advanced port scanning -- Network testing, using different protocols, TOS, fragmentation -- Manual path MTU discovery -- Advanced traceroute, under all the supported protocols -- Remote OS fingerprinting -- Remote uptime guessing +- Network testing, using different protocols, TOS, fragmentation +- Manual path MTU discovery +- Advanced traceroute, under all the supported protocols +- Remote OS fingerprinting +- Remote uptime guessing - TCP/IP stacks auditing N.B. the message "[send_ip] sendto: No route to host" often indicates Index: pkg/PLIST =================================================================== RCS file: /d/cvs/ports/net/hping/pkg/PLIST,v retrieving revision 1.6 diff -u -p -r1.6 PLIST --- pkg/PLIST 1 May 2015 17:40:58 -0000 1.6 +++ pkg/PLIST 4 Dec 2016 18:53:07 -0000 @@ -1,3 +1,5 @@ @comment $OpenBSD: PLIST,v 1.6 2015/05/01 17:40:58 ajacoutot Exp $ +@newgroup _hping:784 +@newuser _hping:784:_hping:default:hping privdrop user:/nonexistent:/sbin/nologin @man man/man8/hping.8 @bin sbin/hping -- jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
