Package: p0f Version: 3.09b Severity: wishlist Tags: patch I like the output of the log file, but I don't like the normal output as it's too long. This patch was against 3.06b but should apply to 3.09b.
Option -q makes the output mostly quiet, although some output remains. Option -o has been extended to accept - as the file name, meaning stdout. I wrote this for myself and documentation was not important, so the changes are not documented anywhere, and therefore not in the patch either. If there is interest, I can add the documentation.
--- p0f.c 2012-09-30 00:44:27.000000000 -0400
+++ /home/wakko/p0f-3.06b/p0f.c 2012-11-05 19:35:20.028244647 -0500
@@ -1,5 +1,6 @@
 /*
- p0f - main entry point and all the pcap / unix socket innards
+ p0f - main
+ entry point and all the pcap / unix socket innards
 -------------------------------------------------------------
 Copyright (C) 2012 by Michal Zalewski <lcam...@coredump.cx>
@@ -93,6 +94,8 @@
 u8 daemon_mode; /* Running in daemon mode? */
 static u8 set_promisc; /* Use promiscuous mode? */
+
+static u8 set_quiet; /* Don't output anything. Use -o to log */
 static pcap_t *pt; /* PCAP capture thingy */
@@ -217,7 +220,10 @@
 static void open_log(void) {
 struct stat st;
- s32 log_fd;
+ s32 log_fd = -1;
+
+ if (log_file && log_file[0] == '-' && log_file[1] == 0)
+ goto lf_open;
 log_fd = open((char*)log_file, O_WRONLY | O_APPEND | O_NOFOLLOW | O_LARGEFILE);
@@ -241,11 +247,21 @@
 if (flock(log_fd, LOCK_EX | LOCK_NB)) FATAL("'%s' is being used by another process.", log_file);
- lf = fdopen(log_fd, "a");
-
- if (!lf) FATAL("fdopen() on '%s' failed.", log_file);
-
- SAYF("[+] Log file '%s' opened for writing.\n", log_file);
+lf_open:
+ lf = (log_fd == -1) ?
+ fdopen(1, "w") :
+ fdopen(log_fd, "a");
+
+ if (!lf)
+ FATAL("fdopen() on '%s' failed.",
+ (int)log_fd == -1 ?
+ "stdout" :
+ (char *)log_file);
+
+ if (log_fd == -1)
+ SAYF("[+] Log file using stdout for writing.\n");
+ else
+ SAYF("[+] Log file '%s' opened for writing.\n", log_file);
 }
@@ -311,7 +327,7 @@
 if (obs_fields) FATAL("Premature end of observation.");
- if (!daemon_mode) {
+ if (!daemon_mode && !set_quiet) {
 SAYF(".-[ %s/%u -> ", addr_to_str(f->client->addr, f->client->ip_ver), f->cli_port);
@@ -353,7 +369,7 @@
 if (!obs_fields) FATAL("Unexpected observation field ('%s').", key);
- if (!daemon_mode)
+ if (!daemon_mode && !set_quiet)
 SAYF("| %-8s = %s\n", key, value ? value : (u8*)"???");
 if (log_file) LOGF("|%s=%s", key, value ? value : (u8*)"???");
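Review bot: The `goto lf_open` taken for `-o -` in open_log() jumps over the `open()` with `O_NOFOLLOW` and, in the following hunk, the `flock(log_fd, LOCK_EX | LOCK_NB)` exclusivity check, so neither protection applies to whatever stdout has been redirected to. When the shell redirects stdout to a file, two instances can append to the same log and a symlinked target is followed. That is inherent to writing to an inherited descriptor, so I would at least record it at the branch, e.g. `/* "-" selects stdout: the O_NOFOLLOW and flock() checks below do not cover the redirected target */`. open_log() continues outside this hunk, so any checks between the open() and the flock() are not visible here.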
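Review bot: `fdopen(1, "w")` at `lf_open:` creates a second stdio stream on descriptor 1 with its own buffer, while SAYF presumably still writes through `stdout`; without -q the console lines and the log records can then come out in a different order than they were written, and an `fclose(lf)` anywhere would close descriptor 1 as well. Reusing the existing stream avoids both: `lf = (log_fd == -1) ? stdout : fdopen(log_fd, "a");`. The `(int)` cast in `(int)log_fd == -1` inside the FATAL call is also unnecessary and differs from the two uncast comparisons next to it. The start of open_log() is outside this hunk.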
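Review bot: The guard `!daemon_mode && !set_quiet` is now spelled out three times (here and in the hunks at -353 and -362), so the next output switch would have to be added in three places. A single predicate next to the `set_quiet` definition would keep them in step, for example `static inline u8 console_out(void) { return !daemon_mode && !set_quiet; }` with `if (console_out())` at each site. The enclosing function starts and ends outside this hunk.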
@@ -362,7 +378,7 @@
 if (!obs_fields) {
- if (!daemon_mode) SAYF("|\n`----\n\n");
+ if (!daemon_mode && !set_quiet) SAYF("|\n`----\n\n");
 if (log_file) LOGF("\n");
@@ -1022,7 +1038,7 @@
 if (getuid() != geteuid()) FATAL("Please don't make me setuid. See README for more.\n");
- while ((r = getopt(argc, argv, "+LS:df:i:m:o:pr:s:t:u:")) != -1) switch (r) {
+ while ((r = getopt(argc, argv, "+LS:df:i:m:o:pr:qs:t:u:")) != -1) switch (r) {
 case 'L':
@@ -1104,6 +1120,10 @@
 set_promisc = 1;
 break;
+ case 'q':
+ set_quiet = 1;
+ break;
+
 case 'r':
 if (read_file)
@@ -1168,6 +1188,13 @@
 if (!api_sock && api_max_conn != API_MAX_CONN) FATAL("Option -S makes sense only with -s.");
+ if (set_quiet) {
+ if (daemon_mode)
+ FATAL("Daemon mode is already quiet");
+ if (!log_file)
+ FATAL("Quiet requires a log file");
+ }
+
 if (daemon_mode) {
 if (read_file)
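Review bot: The new validation block rejects -q together with -d, but nothing visible rejects `-o -` together with -d, where stdout is presumably detached once the process daemonizes, so log records would be dropped without any error. I would add a check in the `if (daemon_mode)` block that follows, e.g. `if (log_file && log_file[0] == '-' && !log_file[1]) FATAL("Logging to stdout is not possible in daemon mode.");`. The two new FATAL messages also lack the trailing period that the neighbouring `"Option -S makes sense only with -s."` has. The daemon-mode block continues outside this hunk, so it may already contain related checks.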