Re: amd64 bulk report

2015-12-07 Thread Jérémie Courrèges-Anglas
Stuart Henderson  writes:

> On 2015/12/06 09:11, Antoine Jacoutot wrote:
>> * net/ifstat
>> * net/libdnet
>> * net/nmap
>> * net/ocserv
>> * security/aircrack-ng
>
> From my test build:
>
> None of the above actually need things from if_var.h, they're ok with the
> whole file wrapped in ifdef kernel.
>
>> * devel/libgtop2
>
> mpi's already taking care of libgtop2
>
>> * net/zabbix

The following patch is supposed to affect only OpenBSD and thus should
be easy to push upstream.  No need to read kernel mem to get if_data,
zabbix already had code in case kvm_read fails.

Robert, does the following work fine for you?

Index: Makefile
===
RCS file: /cvs/ports/net/zabbix/Makefile,v
retrieving revision 1.117
diff -u -p -r1.117 Makefile
--- Makefile30 Oct 2015 12:47:40 -  1.117
+++ Makefile7 Dec 2015 12:18:37 -
@@ -5,7 +5,7 @@ COMMENT-server =network and application
 COMMENT-web =  network and application monitoring - web frontend
 
 VERSION =  2.4.6
-REVISION-main =1
+REVISION-main =2
 REVISION-server =  0
 DISTNAME = zabbix-${VERSION}
 FULLPKGNAME-main = zabbix-agent-${VERSION}
Index: patches/patch-src_libs_zbxsysinfo_openbsd_net_c
===
RCS file: patches/patch-src_libs_zbxsysinfo_openbsd_net_c
diff -N patches/patch-src_libs_zbxsysinfo_openbsd_net_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-src_libs_zbxsysinfo_openbsd_net_c 7 Dec 2015 12:18:37 
-
@@ -0,0 +1,99 @@
+$OpenBSD$
+
+Stop using struct ifnet and libkvm for interface stats.
+
+--- src/libs/zbxsysinfo/openbsd/net.c.orig Sun Dec  6 15:59:59 2015
 src/libs/zbxsysinfo/openbsd/net.c  Sun Dec  6 16:19:21 2015
+@@ -24,13 +24,8 @@
+ 
+ #include 
+ 
+-#if OpenBSD >= 201405
+-# include   /* structs ifnet and ifnet_head are defined in 
this header since OpenBSD 5.5 */
+-#endif
+-
+ static struct nlist kernel_symbols[] =
+ {
+-  {"_ifnet", N_UNDF, 0, 0, 0},
+   {"_tcbtable", N_UNDF, 0, 0, 0},
+   {NULL, 0, 0, 0, 0}
+ };
+@@ -43,11 +38,6 @@ static int  get_ifdata(const char *if_name,
+   zbx_uint64_t *tbytes, zbx_uint64_t *tpackets, zbx_uint64_t 
*terrors,
+   zbx_uint64_t *icollisions, char **error)
+ {
+-  struct ifnet_head   head;
+-  struct ifnet*ifp;
+-
+-  kvm_t   *kp;
+-  int len = 0;
+   int ret = SYSINFO_RET_FAIL;
+ 
+   if (NULL == if_name || '\0' == *if_name)
+@@ -88,66 +78,7 @@ static int  get_ifdata(const char *if_name,
+   if (icollisions)
+   *icollisions = 0;
+ 
+-  if (NULL != (kp = kvm_open(NULL, NULL, NULL, O_RDONLY, NULL))) /* 
requires root privileges */
+   {
+-  struct ifnetv;
+-
+-  if (N_UNDF == kernel_symbols[IFNET_ID].n_type)
+-  if (0 != kvm_nlist(kp, _symbols[0]))
+-  kernel_symbols[IFNET_ID].n_type = N_UNDF;
+-
+-  if (N_UNDF != kernel_symbols[IFNET_ID].n_type)
+-  {
+-  len = sizeof(struct ifnet_head);
+-
+-  if (kvm_read(kp, kernel_symbols[IFNET_ID].n_value, 
, len) >= len)
+-  {
+-  len = sizeof(struct ifnet);
+-
+-  for (ifp = head.tqh_first; ifp; ifp = 
v.if_list.tqe_next)
+-  {
+-  if (kvm_read(kp, (u_long)ifp, , len) 
< len)
+-  break;
+-
+-  if (0 == strcmp(if_name, v.if_xname))
+-  {
+-  if (ibytes)
+-  *ibytes += v.if_ibytes;
+-  if (ipackets)
+-  *ipackets += 
v.if_ipackets;
+-  if (ierrors)
+-  *ierrors += 
v.if_ierrors;
+-  if (idropped)
+-  *idropped += 
v.if_iqdrops;
+-  if (obytes)
+-  *obytes += v.if_obytes;
+-  if (opackets)
+-  *opackets += 
v.if_opackets;
+-  if (oerrors)
+-  *oerrors += 
v.if_oerrors;
+-  if (tbytes)
+-  *tbytes += v.if_ibytes 
+ v.if_obytes;
+-  

Re: amd64 bulk report

2015-12-07 Thread Jérémie Courrèges-Anglas
Stuart Henderson  writes:

> On 2015/12/06 09:11, Antoine Jacoutot wrote:
>> * net/ifstat
>> * net/libdnet
>> * net/nmap
>> * net/ocserv
>> * security/aircrack-ng
>
> From my test build:
>
> None of the above actually need things from if_var.h, they're ok with the
> whole file wrapped in ifdef kernel.
>
>> * devel/libgtop2
>
> mpi's already taking care of libgtop2

>> * security/antisniff

Here's a diff that removes the need to look at if_var.h - use
getifaddrs(3) instead; the diff is a bit unreadable, but the resulting
intpr() function isn't.

Untested, is antisniff still relevant these days?

Index: Makefile
===
RCS file: /cvs/ports/security/antisniff/Makefile,v
retrieving revision 1.25
diff -u -p -r1.25 Makefile
--- Makefile30 Aug 2014 21:54:08 -  1.25
+++ Makefile7 Dec 2015 12:11:10 -
@@ -3,6 +3,7 @@
 COMMENT=   promiscuous mode interface detector
 
 PKGNAME=   antisniff-1.1.2
+REVISION=  0
 CATEGORIES=security
 
 DISTNAME=  anti_sniff_researchv1-1-2
Index: patches/patch-bpf_getetheraddr_c
===
RCS file: patches/patch-bpf_getetheraddr_c
diff -N patches/patch-bpf_getetheraddr_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-bpf_getetheraddr_c7 Dec 2015 12:11:10 -
@@ -0,0 +1,112 @@
+$OpenBSD$
+--- bpf_getetheraddr.c.origSat Dec 12 21:40:00 1998
 bpf_getetheraddr.c Sun Dec  6 16:34:36 2015
+@@ -90,7 +90,7 @@ struct nlist nl[] = {
+ 
+ kvm_t *kvmd;  
+ 
+-void intpr(u_long ifnetaddr, char *, struct ether_addr *);
++void intpr(char *, struct ether_addr *);
+ int  kread(u_long addr, char *buf, int size);
+ 
+ 
+@@ -130,83 +130,40 @@ int getetheraddr(HDEV fd, struct ether_addr *eaddr){
+ 
+   strncpy(intname, ifr.ifr_name, sizeof(intname));
+ 
+-  if ((kvmd = kvm_openfiles(nlistf, memf, NULL, O_RDONLY,
+-  buf)) == NULL) {
+-fprintf(stderr, "kvm_open: %s\n", buf);
+-exit(1);
+-  }
+-
+-  if (kvm_nlist(kvmd, nl) < 0 || nl[0].n_type == 0) {
+-if (nlistf)
+-  fprintf(stderr, "%s: no namelist\n", nlistf);
+-else
+-  fprintf(stderr, "no namelist\n");
+-exit(1);
+-  }
+-
+-  intpr(nl[N_IFNET].n_value, intname, eaddr);
++  intpr(intname, eaddr);
+   return(TRUE);
+ }
+ 
++#include 
++
+ void
+-intpr(u_long ifnetaddr, char *intname, struct ether_addr *eaddr){
+-  struct ifnet ifnet;
+-  union {
+-struct ifaddr ifa;
+-struct in_ifaddr in;
+-  } ifaddr;
+-  u_long ifaddraddr;
+-  struct ifnet_head ifhead; /* TAILQ_HEAD */
+-  char name[IFNAMSIZ];
++intpr(char *intname, struct ether_addr *eaddr) {
++  struct ifaddrs *ifa0, *ifa;
+   struct sockaddr_dl *sdl;
+   struct sockaddr *sa;
+ 
+- if (ifnetaddr == 0) {
+-   printf("ifnet: symbol not defined\n");
+-   return;
+- }
++  if (getifaddrs() == -1)
++return;
+ 
+- /*
+-  * Find the pointer to the first ifnet structure.  Replace
+-  * the pointer to the TAILQ_HEAD with the actual pointer
+-  * to the first list element.
+-  */
+-  if (kread(ifnetaddr, (char *), sizeof ifhead))
+-return;
++  for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
+ 
+-  ifnetaddr = (u_long)ifhead.tqh_first;
+-  ifaddraddr = 0;
+-
+-  while (ifnetaddr){
+-register char *cp;
+-
+-if (kread(ifnetaddr, (char *), sizeof ifnet))
+-  return;
+-bcopy(ifnet.if_xname, name, IFNAMSIZ);
+-name[IFNAMSIZ - 1] = '\0';  /* sanity */
+-ifnetaddr = (u_long)ifnet.if_list.tqe_next;
+-ifaddraddr = (u_long)ifnet.if_addrlist.tqh_first;
+-
+-if (strcmp(name, intname) == 0) {
+-  if (ifaddraddr != 0){
+-if (kread(ifaddraddr, (char *), sizeof ifaddr)) {
+-  ifaddraddr = 0;
++if (strcmp(ifa->ifa_name, intname) == 0) {
++sa = (struct sockaddr *)ifa->ifa_addr;
++  if (sa == NULL)
+   continue;
+-}
+-#define CP(x) ((char *)(x))
+-cp = (CP(ifaddr.ifa.ifa_addr) - CP(ifaddraddr)) +
+-   CP(); 
+-sa = (struct sockaddr *)cp;
++  if (sa->sa_family != AF_LINK)
++  continue;
+ sdl = (struct sockaddr_dl *)sa;
+ /*
+ if (sdl->sdl_type == IFT_ETHER ||
+ sdl->sdl_type == IFT_FDDI)
+ */
+ /*  printf("%s\n", ether_ntoa((struct ether_addr *)LLADDR(sdl))); */
+-  memcpy((char *)eaddr, (char *)LLADDR(sdl), sizeof(struct 
ether_addr));
+-  }
++memcpy((char *)eaddr, (char *)LLADDR(sdl), sizeof(struct ether_addr));
+ }
+   }
++
++  freeifaddrs(ifa0);
+ }
+ 
+ 
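Review bot: In the rewritten `intpr()`, the `memcpy` of `sizeof(struct ether_addr)` bytes from `LLADDR(sdl)` runs for every matching `AF_LINK` entry without checking `sdl->sdl_alen`, so an interface whose link-layer address is not 6 bytes long fills `*eaddr` with bytes that are not a MAC address. `intpr()` also still returns void and `getetheraddr()` ends with an unconditional `return(TRUE);`, so a `getifaddrs()` failure or a missing match leaves `*eaddr` unwritten while the caller is told it succeeded, whereas the removed kvm path called `exit(1)` on error. The sketch below checks the length, stops at the first match and returns a status that `getetheraddr()` could pass on; the prototype near the top of the file would change to match. As rendered on this page the call reads `getifaddrs()` and the added `#include` line is empty, which looks like archive stripping rather than part of the patch and is worth confirming against the original mail. `getetheraddr()` begins outside the hunk.

```c
int
intpr(char *intname, struct ether_addr *eaddr) {
  /* … unchanged: ifa0, ifa, sdl, sa declarations … */
  int found = 0;

  if (getifaddrs(&ifa0) == -1)
    return 0;

  for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
    if (strcmp(ifa->ifa_name, intname) != 0)
      continue;
    sa = (struct sockaddr *)ifa->ifa_addr;
    if (sa == NULL || sa->sa_family != AF_LINK)
      continue;
    sdl = (struct sockaddr_dl *)sa;
    /* only accept an address that really is Ethernet-sized */
    if (sdl->sdl_alen != sizeof(struct ether_addr))
      continue;
    memcpy(eaddr, LLADDR(sdl), sizeof(struct ether_addr));
    found = 1;
    break;
  }

  freeifaddrs(ifa0);
  return found;
}
```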
Index: patches/patch-includes_h
===
RCS file: /cvs/ports/security/antisniff/patches/patch-includes_h,v
retrieving revision 1.4
diff -u -p -r1.4 patch-includes_h
--- patches/patch-includes_h6 Dec 2013 11:54:48 -   1.4
+++ patches/patch-includes_h7 Dec 2015 12:11:10 -
@@ -1,13 +1,11 @@
 $OpenBSD: patch-includes_h,v 1.4 2013/12/06 

Re: amd64 bulk report (net-snmp)

2015-12-07 Thread Jérémie Courrèges-Anglas
Stuart Henderson  writes:

> On 2015/12/06 09:11, Antoine Jacoutot wrote:
>> * net/ifstat
>> * net/libdnet
>> * net/nmap
>> * net/ocserv
>> * security/aircrack-ng
>
> From my test build:
>
> None of the above actually need things from if_var.h, they're ok with the
> whole file wrapped in ifdef kernel.
>
>> * devel/libgtop2
>
> mpi's already taking care of libgtop2
>
[...]

> the above, plus net-snmp, do need things from if_var.

I took a look at net-snmp, things are a bit ugly but in the end we
should be able to use getifaddrs(3) instead of kvm/struct ifnet for
ipv6.c.

The following is wip, I'd like to further split the getifaddrs(3) and
ifnet implementations but it probably should be discussed with upstream
before going too far.

I've done basic tests this morning using snmpwalk localhost and netsnmpd
started as root.

Thoughts?

Index: Makefile
===
RCS file: /cvs/ports/net/net-snmp/Makefile,v
retrieving revision 1.84
diff -u -p -r1.84 Makefile
--- Makefile5 Nov 2015 23:43:46 -   1.84
+++ Makefile7 Dec 2015 12:32:43 -
@@ -6,7 +6,7 @@ COMMENT-main=   extendable SNMP implementa
 COMMENT-tkmib= graphical SNMP MIB browser
 
 V= 5.7.3
-REVISION-main= 4
+REVISION-main= 5
 
 DISTNAME=  net-snmp-$V
 MULTI_PACKAGES=-main -tkmib
@@ -58,6 +58,7 @@ CONFIGURE_ARGS=   ${CONFIGURE_SHARED} \
--with-temp-file-pattern=/tmp/snmpd \
--with-logfile="/var/log/snmpd" \
--with-persistent-directory="/var/net-snmp"
+CONFIGURE_ENV= ac_cv_IFNET_NEEDS_KERNEL=no
 TEST_TARGET=   test
 
 pre-configure:
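Review bot: The added `CONFIGURE_ENV= ac_cv_IFNET_NEEDS_KERNEL=no` uses plain assignment and carries no explanation. If CONFIGURE_ENV is already set earlier in this Makefile or by an included module (not visible in this hunk), `=` would discard those values; `CONFIGURE_ENV += ac_cv_IFNET_NEEDS_KERNEL=no` avoids that. A one-line comment above it, along the lines of `# struct ifnet is no longer usable from userland; presumably stops configure from defining _KERNEL to reach it`, would tell the next maintainer why a configure cache variable is pinned.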
Index: patches/patch-agent_mibgroup_mibII_ipv6_c
===
RCS file: /cvs/ports/net/net-snmp/patches/patch-agent_mibgroup_mibII_ipv6_c,v
retrieving revision 1.1
diff -u -p -r1.1 patch-agent_mibgroup_mibII_ipv6_c
--- patches/patch-agent_mibgroup_mibII_ipv6_c   20 Dec 2013 02:20:00 -  
1.1
+++ patches/patch-agent_mibgroup_mibII_ipv6_c   7 Dec 2015 12:32:43 -
@@ -1,7 +1,213 @@
 $OpenBSD: patch-agent_mibgroup_mibII_ipv6_c,v 1.1 2013/12/20 02:20:00 krw Exp $
 agent/mibgroup/mibII/ipv6.c.orig   Tue Oct  9 18:28:58 2012
-+++ agent/mibgroup/mibII/ipv6.cSat Nov 30 08:25:29 2013
-@@ -1336,9 +1336,13 @@ var_udp6(register struct variable * vp,
+--- agent/mibgroup/mibII/ipv6.c.orig   Mon Dec  8 21:23:22 2014
 agent/mibgroup/mibII/ipv6.cMon Dec  7 09:11:14 2015
+@@ -81,6 +81,7 @@
+ # include 
+ #endif
+ #if HAVE_NETINET6_IP6_VAR_H
++# include 
+ # include 
+ #endif
+ #include 
+@@ -597,7 +598,44 @@ if_getindex(const char *name)
+ 
+ /**/
+ #ifndef linux
++
++#ifdef __OpenBSD__
++
+ /*
++ * It is not possible to use struct ifnet anymore on OpenBSD, get
++ * interface flags and L2 address through getifaddrs(3).
++ */
++
++#include 
++
++static int
++if_getifflags(int ifindex, int *ifflags)
++{
++  const char  *ifname;
++  struct ifaddrs  *ifa0, *ifa;
++  int  ret = -1;
++
++  ifname = if_getname(ifindex);
++  if (ifname == NULL)
++  return ret;
++
++  if (getifaddrs() != -1) {
++  for (ifa = ifa0; ifa != NULL; ifa = ifa->ifa_next) {
++  if (strcmp(ifa->ifa_name, ifname) == 0) {
++  *ifflags = ifa->ifa_flags;
++  ret = 0;
++  break;
++  }
++  }
++  freeifaddrs(ifa0);
++  }
++
++  return ret;
++}
++
++#else
++
++/*
+  * KAME dependent part 
+  */
+ static int
+@@ -630,6 +668,8 @@ if_getifnet(int idx, struct ifnet *result)
+ return -1;
+ }
+ 
++#endif /* !__OpenBSD__ */
++
+ #if TRUST_IFLASTCHANGE /*untrustable value returned... */
+ #ifdef HAVE_NET_IF_MIB_H
+ #if defined(HAVE_SYS_SYSCTL_H) && defined(CTL_NET)
+@@ -844,86 +884,34 @@ var_ifv6Entry(register struct variable * vp,
+ #endif
+ case IPV6IFPHYSADDRESS:
+ {
+-struct ifnetifnet;
+-struct ifaddr   ifaddr;
+-#if defined(__DragonFly__) && __DragonFly_version >= 197700
+-struct ifaddr_container ifac;
+-struct ifaddrhead head;
+-#endif
+ static struct sockaddr_dl sdl;
+-caddr_t ifa;
++struct ifaddrs *ifa0, *ifa;
++char ifnam[IF_NAMESIZE];
+ 
+-if (if_getifnet(interface, ) < 0)
+-break;
+-#if defined(freebsd3) || defined(darwin)
+-# if defined(__DragonFly__) && __DragonFly_version >= 197700
+-/*
+- * Locate ifaddr head on CPU0
+- */
+-if (!NETSNMP_KLOOKUP(ifnet.if_addrheads, (char *), 
sizeof(head))) {
+-DEBUGMSGTL(("mibII/ipv6:var_ipv6", "klookup head failed\n"));
+-break;
++if (if_indextoname(interface, ifnam) == NULL) {
++

Re: amd64 bulk report

2015-12-06 Thread Stuart Henderson
On 2015/12/06 09:11, Antoine Jacoutot wrote:
> * net/ifstat
> * net/libdnet
> * net/nmap
> * net/ocserv
> * security/aircrack-ng

From my test build:

None of the above actually need things from if_var.h, they're ok with the
whole file wrapped in ifdef kernel.

> * devel/libgtop2

mpi's already taking care of libgtop2

> * devel/py-openbsd
> * security/antisniff
> * security/wpa_supplicant
> * net/zabbix
> * net/wmnet
> * net/wmnetload

the above, plus net-snmp, do need things from if_var.



Re: amd64 bulk report

2015-12-06 Thread Christian Weisgerber
On 2015-12-06, Antoine Jacoutot  wrote:

> * devel/libgtop2
> * devel/py-openbsd
> * net/ifstat
> * net/libdnet
> * net/nmap
> * net/ocserv
> * net/wmnet
> * net/wmnetload
> * net/zabbix
> * security/aircrack-ng
> * security/antisniff
> * security/wpa_supplicant
> /usr/include/net/if_var.h:165: error: expected specifier-qualifier-list 
> before 'SRPL_HEAD'

net/if_var.h revision 1.64 fixes a few of these but some still don't
build:
  devel/libgtop2
  devel/py-openbsd
  net/net-snmp
  net/wmnet
  net/wmnetload
  net/zabbix
  security/antisniff

Also, net80211/ieee80211_crypto.h 1.23 should fix this one:
  security/wpa_supplicant

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de