--- labrea-2.5-stable.orig/debian/changelog +++ labrea-2.5-stable/debian/changelog @@ -0,0 +1,54 @@ +labrea (2.5-stable-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix FTBFS. (Closes: #952064) + + -- Sudip Mukherjee Wed, 08 Apr 2020 13:06:10 +0100 + +labrea (2.5-stable-3) unstable; urgency=low + + * Adopting the package (Closes: #424715). + * Change "hackers" to "crackers" in package description, thanks to + Guillem Jover for noticing it (Closes: #436184). + * Conforms to Standards version 3.7.3. + * Add Homepage field in debian/control. + * Switch to quilt to manage changes from upstream. + * Fix hyphens in manpages. + + -- Vincent Bernat Sat, 19 Apr 2008 09:18:14 +0200 + +labrea (2.5-stable-2) unstable; urgency=low + + * QA upload. + * Package is orphaned (#424715); set maintainer to Debian QA Group. + * Switch to debhelper 5. + * Build-depend on autotools-dev for config.guess and config.sub. + * debian/copyright: Include all copyright and license statements. + * debian/dirs: Let the Makefile create directories. + * debian/docs: Remove ChangeLog (already installed as changelog.gz). + * debian/lintian-overrides: Override warning about INSTALL. + * debian/rules: Make sure configure doesn't think it's cross-compiling + when the host architecture is the same as the build architecture. + * debian/rules: Let dh_strip handle DEB_BUILD_OPTIONS=nostrip. + * debian/watch: Add. + * Conforms to Standards version 3.7.2. + + -- Matej Vela Tue, 19 Jun 2007 11:22:34 +0200 + +labrea (2.5-stable-1) unstable; urgency=low + + * New Upstream version + * Compiled against limbdumbnet1 + + -- Samuele Giovanni Tonon Thu, 13 Nov 2003 17:23:32 +0100 + +labrea (2.5beta1-1) unstable; urgency=low + + * Initial Release. (Closes: #194286) + * TAKE A LOOK TO INSTALL file before starting it + * Modified configure script as well as inc/ctl.h inc/pkt.h inc/utils.h + to use libdumbnet instead of libdnet (libdumbnet is the debian name + of libdnet ) + + -- Samuele Giovanni Tonon Thu, 22 May 2003 11:17:33 +0200 + --- labrea-2.5-stable.orig/debian/compat +++ labrea-2.5-stable/debian/compat @@ -0,0 +1 @@ +5 --- labrea-2.5-stable.orig/debian/control +++ labrea-2.5-stable/debian/control @@ -0,0 +1,19 @@ +Source: labrea +Section: net +Priority: optional +Maintainer: Vincent Bernat +Build-Depends: debhelper (>= 5), autotools-dev, libpcap-dev, libdumbnet-dev, quilt +Standards-Version: 3.7.3 +Homepage: http://labrea.sourceforge.net/labrea-info.html + +Package: labrea +Architecture: any +Depends: ${shlibs:Depends} +Description: a "sticky" honeypot and IDS + LaBrea takes over unused IP addresses, and creates virtual servers + that are attractive to worms, crackers, and other denizens of the + Internet. + . + The program answers connection attempts in such a way that the + machine at the other end gets "stuck", sometimes for a very long + time. --- labrea-2.5-stable.orig/debian/copyright +++ labrea-2.5-stable/debian/copyright @@ -0,0 +1,139 @@ +This package was debianized by Samuele Giovanni Tonon on +Thu, 22 May 2003 11:17:33 +0200. + +It was downloaded from http://labrea.sourceforge.net/labrea-info.html + +Upstream Author: Tom Liston + + Copyright (C) 2001, 2002 Tom Liston + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +The following terms apply to inc/debug.h: + + Copyright (C) 1998-2002 Martin Roesch + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +The following terms apply to inc/pcaputil.h, inc/pkt.h, src/pcaputil.c, +src/pkt.c: + + Copyright (c) 2001, 2002 Dug Song + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The names of the authors and copyright holders may not be used to + endorse or promote products derived from this software without + specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED + WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES + OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE + DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, + INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +The following terms apply to inc/queue.h: + + Copyright (c) 1991, 1993 + The Regents of the University of California. All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + This product includes software developed by the University of + California, Berkeley and its contributors. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +The following terms apply to src/strlcpy.c: + + Copyright (c) 1998 Todd C. Miller + All rights reserved. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of the author may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Additional copyrights may apply to the following files, which are not +compiled into the Debian package: inc/err.h, inc/getopt.h, inc/syslog.h, +inc/syslog_name.h, src/getopt.c, src/getopt1.c, src/memcmp.c, and +src/syslog.c. + +On Debian systems, the complete text of the GNU General Public License +can be found in /usr/share/common-licenses/GPL. --- labrea-2.5-stable.orig/debian/docs +++ labrea-2.5-stable/debian/docs @@ -0,0 +1,5 @@ +NEWS +README +TODO +AUTHORS +INSTALL --- labrea-2.5-stable.orig/debian/lintian-overrides +++ labrea-2.5-stable/debian/lintian-overrides @@ -0,0 +1,2 @@ +# INSTALL contains some important caveats. +labrea: package-contains-upstream-install-documentation usr/share/doc/labrea/INSTALL.gz --- labrea-2.5-stable.orig/debian/patches/fix_pcap_open.patch +++ labrea-2.5-stable/debian/patches/fix_pcap_open.patch @@ -0,0 +1,54 @@ +Description: Fix FTBFS + libpcap moved the declaration of pcap_open() to pcap.h and so its now + visible to labrea. So, it had a conflict with the private pcap_open() + which labrea has defined. Rename pcap_open() to _pcap_open(). + + ref: https://github.com/the-tcpdump-group/libpcap/commit/a372536befc9b1ee1d355058daa2eb9f66aa0c59 + +Author: Sudip Mukherjee +Bug-Debian: https://bugs.debian.org/952064 + +--- + +--- a/inc/pcaputil.h ++++ b/inc/pcaputil.h +@@ -15,7 +15,7 @@ + #endif + + +-pcap_t * pcap_open(char *device); ++pcap_t * _pcap_open(char *device); + int pcap_dloff(pcap_t *pcap); + int pcap_filter(pcap_t *pcap, const char *fmt, ...); + void pcap_stat (pcap_t *pd); +--- a/src/lbio.c ++++ b/src/lbio.c +@@ -190,7 +190,7 @@ open_winpcap_adapter() + /* + * Open the WinPcap device for sniffing + */ +- if ((io.pcap = pcap_open(io.adapter_name_list[j])) == NULL) { ++ if ((io.pcap = _pcap_open(io.adapter_name_list[j])) == NULL) { + warnx("*** Couldn't open WinPcap adapter" ); + return(-1); + } +@@ -286,7 +286,7 @@ lbio_init(u_char *dev, u_char *texpr) + util_clean_exit(1); + + } else { /* open Unix pcap device for sniffing */ +- if ((io.pcap = pcap_open(io.ifent->intf_name)) == NULL) { ++ if ((io.pcap = _pcap_open(io.ifent->intf_name)) == NULL) { + warnx("*** Couldn't open pcap device for sniffing" ); + util_clean_exit(1); + } +--- a/src/pcaputil.c ++++ b/src/pcaputil.c +@@ -52,7 +52,7 @@ + #include "pcaputil.h" + + pcap_t * +-pcap_open(char *device) ++_pcap_open(char *device) + { + char ebuf[PCAP_ERRBUF_SIZE]; + pcap_t *pcap; --- labrea-2.5-stable.orig/debian/patches/manpages-fix.patch +++ labrea-2.5-stable/debian/patches/manpages-fix.patch @@ -0,0 +1,481 @@ +--- labrea-2.5-stable/misc/labrea.1~ 2008-04-19 09:52:31.000000000 +0200 ++++ labrea-2.5-stable/misc/labrea.1 2008-04-19 09:52:45.000000000 +0200 +@@ -7,41 +7,41 @@ + .SH NAME + labrea \- Honeypot for incoming IP connection attempts + .SH SYNOPSIS +-\fBlabrea\fR [\fB-i --device INTERFACE\fR] +-[\fB-n --network nnn.nnn.nnn.nnn[/nn]\fR] +-[\fB-m --mask nnn.nnn.nnn.nnn\fR] +-[\fB-t --throttle-size BYTES\fR] +-[\fB-p --max-rate RATE \fR] +-[\fB-R --soft-restart\fR] +-[\fB-r --arp-timeout RATE\fR] +-[\fB-s --switch-safe\fR] +-[\fB-h --hard-capture\fR] +-[\fB-x --disable-capture\fR] +-[\fB-X --exclude-resolvable-ips\fR] +-[\fB-P --persist-mode-only\fR] +-[\fB-a --no-resp-synack\fR] +-[\fB-H --auto-hard-capture\fR] +-[\fB-f --no-resp-excluded-ports\fR] +-[\fB--no-arp-sweep\fR] +-[\fB--init-file FILE\fR] +-[\fB-F --bpf-file FILE\fR] +-[\fB-T --dry-run\fR] +-[\fB-d --foreground\fR] +-[\fB-o --log-to-stdout\fR] +-[\fB-O --log-timestamp-epoch\fR] +-[\fB-l --log-to-syslog\fR] +-[\fB-b --log-bandwidth\fR] +-[\fB-v --verbose\fR] +-[\fB-q --quiet\fR] +-[\fB-z --no-nag\fR] +-[\fB-? --usage --help \fR] +-[\fB-V --version\fR] +-[\fB-I --ip-addr nnn.nnn.nnn.nnn\fR] +-[\fB-E --my-mac-addr xx:xx:xx:xx:xx:xx\fR] +-[\fB-D --list-interfaces\fR] +-[\fB-j --winpcap-dev nn\fR] +-[\fB--syslog-server nnn.nnn.nnn.nnn\fR] +-[\fB--syslog-port nnn\fR] ++\fBlabrea\fR [\fB\-i \-\-device INTERFACE\fR] ++[\fB\-n \-\-network nnn.nnn.nnn.nnn[/nn]\fR] ++[\fB\-m \-\-mask nnn.nnn.nnn.nnn\fR] ++[\fB\-t \-\-throttle\-size BYTES\fR] ++[\fB\-p \-\-max\-rate RATE \fR] ++[\fB\-R \-\-soft\-restart\fR] ++[\fB\-r \-\-arp\-timeout RATE\fR] ++[\fB\-s \-\-switch\-safe\fR] ++[\fB\-h \-\-hard\-capture\fR] ++[\fB\-x \-\-disable\-capture\fR] ++[\fB\-X \-\-exclude\-resolvable-ips\fR] ++[\fB\-P \-\-persist\-mode\-only\fR] ++[\fB\-a \-\-no\-resp\-synack\fR] ++[\fB\-H \-\-auto\-hard\-capture\fR] ++[\fB\-f \-\-no\-resp\-excluded\-ports\fR] ++[\fB\-\-no\-arp\-sweep\fR] ++[\fB\-\-init\-file FILE\fR] ++[\fB\-F \-\-bpf\-file FILE\fR] ++[\fB\-T \-\-dry\-run\fR] ++[\fB\-d \-\-foreground\fR] ++[\fB\-o \-\-log\-to\-stdout\fR] ++[\fB\-O \-\-log\-timestamp\-epoch\fR] ++[\fB\-l \-\-log\-to\-syslog\fR] ++[\fB\-b \-\-log\-bandwidth\fR] ++[\fB\-v \-\-verbose\fR] ++[\fB\-q \-\-quiet\fR] ++[\fB\-z \-\-no\-nag\fR] ++[\fB\-? \-\-usage \-\-help \fR] ++[\fB\-V \-\-version\fR] ++[\fB\-I \-\-ip\-addr nnn.nnn.nnn.nnn\fR] ++[\fB\-E \-\-my\-mac\-addr xx:xx:xx:xx:xx:xx\fR] ++[\fB\-D \-\-list\-interfaces\fR] ++[\fB\-j \-\-winpcap\-dev nn\fR] ++[\fB\-\-syslog\-server nnn.nnn.nnn.nnn\fR] ++[\fB\-\-syslog\-port nnn\fR] + .LP + [\fBBPF Filter\fR] + .SH DESCRIPTION +@@ -60,11 +60,11 @@ + .B labrea + accepts the following options: + .TP +-.BI "-i --device " interface ++.BI "\-i \-\-device " interface + By default, labrea uses the first ethernet interface. This forces + labrea to use the specified interface. + .TP +-.BR "-n --network " xxx.xxx.xxx.xxx[/nn] ++.BR "\-n \-\-network " xxx.xxx.xxx.xxx[/nn] + labrea normally pulls information about the netblock from the IP + information assigned to the interface. If labrea is run on an + unconfigured interface (one without an assigned IP address), then use +@@ -75,22 +75,22 @@ + is the network address. + .I /nn + is the subnet mask in CIDR notation. If the subnet mask is not +-specified here, then you must include the -m parameter. ++specified here, then you must include the \-m parameter. + .RE + .TP +-.BR "-m --mask " xxx.xxx.xxx.xxx ++.BR "\-m \-\-mask " xxx.xxx.xxx.xxx + Another way to specify the network mask for the capture netblock. If +-this parameter is specified, then the -n parameter must also be ++this parameter is specified, then the \-n parameter must also be + specified. + .TP +-.BR "-t --throttle-size " \fInn\fR ++.BR "\-t \-\-throttle\-size " \fInn\fR + Sets the TCP window advertisement + to limit the amount of data sent to labrea. The number of data + bytes to allow per packet is + .I nn + bytes. + .TP +-.BR "-p --max-rate " \fIrate\fR ++.BR "\-p \-\-max\-rate " \fIrate\fR + Connect attempts will be permanently captured by forcing the + connection into a "persist" state (by closing the TCP window). In this + state, the connection will not time out. labrea will permanently +@@ -99,124 +99,124 @@ + bytes. If the specified bandwidth is exceeded, labrea will still + tarpit the incoming connection (ie respond SYN/ACK to incoming SYN). + .TP +-.BR "-R --soft-restart" ++.BR "\-R \-\-soft\-restart" + New captures will be held off for 5 minutes to let bandwidth + calculations progress. If a major scan hits just after startup, this + prevents labrea from capturing too many connections. + .TP +-.BR "-r --arp-timeout " \fIrate\fR ++.BR "\-r \-\-arp\-timeout " \fIrate\fR + Wait + .I rate + seconds after seeing incoming arp requests + before capturing an IP address. + .TP +-.BR "-s --switch-safe" ++.BR "\-s \-\-switch\-safe" + When there is an incoming ARP request, specifies that labrea should + send out an ARP request of its own for the same IP address. This is + necessary for safe operation in a switched environment where one host + does not necessarily see all the traffic on the switch. + .TP +-.BR "-h --hard-capture " +-Once an IP address has been captured, then do not wait for a "-r" ++.BR "\-h \-\-hard\-capture " ++Once an IP address has been captured, then do not wait for a "\-r" + timeout for the next incoming ARP request. + .TP +-.BR "-x --disable-capture" ++.BR "\-x \-\-disable\-capture" + Do not capture IPs. + .TP +-.BR "-X --exclude-resolvable-ips" ++.BR "\-X \-\-exclude\-resolvable\-ips" + On startup, attempt DNS resolution on all IPs within + the capture netblock. Automatically exclude any IP that has a + corresponding entry in the DNS. Be careful because this can generate a + lot of DNS lookups if the capture subnet is large. + .TP +-.BR "-P --persist-mode-only" ++.BR "\-P \-\-persist\-mode\-only" + Try to limit bandwidth use by doing only persist capturing. Note: This + parameter has limited usefulness since below max b/w, the same + exchange that leads to persist capture also has the side effect + of tarpitting. + .TP +-.BR "-a --no-resp-synack" ++.BR "\-a \-\-no\-resp\-synack" + By default, the LaBrea virtual hosts respond to SYN/ACK with RST, and + answer Pings. Disables this behaviour. + .TP +-.BR "-H --auto-hard-capture" ++.BR "\-H \-\-auto\-hard\-capture" + Mark all non-excluded and all non-hardexcluded IPs as being hard + captured. See + .B labrea.conf(5) + for more information. This parameter should be used + .I with caution. + .TP +-.BR "-f --no-resp-excluded-ports" ++.BR "\-f \-\-no\-resp\-excluded\-ports" + Drop incoming connections to excluded ports. Normal default behaviour + is to return a RST. Makes nmap-style scanning go much slower. + .TP +-.BR "--no-arp-sweep" ++.BR "\-\-no\-arp\-sweep" + On startup, labrea sweeps the capture subnet with bursts of ARP + requests in an attempt to locate all live machines. This parameter + disables the sweep. + .TP +-.BR "--init-file " \fIfile\fR ++.BR "\-\-init\-file " \fIfile\fR + Read the configuration from the specified + .I file + instead of from the default location. + .TP +-.BR "-F --bpf-file " \fIfile\fR ++.BR "\-F \-\-bpf\-file " \fIfile\fR + Designates the name of a file containing a BPF filter pointing to + machines/ports to be tarpitted. As with the command line BPF filter, + these connections MUST be firewalled to DROP inbound traffic. + .TP +-.BR "-T --dry-run" ++.BR "\-T \-\-dry\-run" + Do labrea initialization, including Dns excludes, parse of the + configuration file, opening the network interface etc. Print + diagnostic information, then exit. + .TP +-.BR "-d --foreground" ++.BR "\-d \-\-foreground" + Do not detach the process. (Unix systems only) + .TP +-.BR "-o --log-to-stdout" ++.BR "\-o \-\-log\-to\-stdout" + Send log information to stdout rather than to syslog. This option +-also implies and sets the -d option (i.e. do not detach process). ++also implies and sets the \-d option (i.e. do not detach process). + .TP +-.BR "-O --log-timestamp-epoch" +-Same as the "-o" option, but with time output in seconds since epoch ++.BR "\-O \-\-log\-timestamp\-epoch" ++Same as the "\-o" option, but with time output in seconds since epoch + to make it easier for logfile analysis programs. + .TP +-.BR "-l --log-to-syslog" ++.BR "\-l \-\-log\-to\-syslog" + Send log messages to syslog. + .TP +-.BR "-b --log-bandwidth" ++.BR "\-b \-\-log\-bandwidth" + Log a message every minute detailing the current bandwidth consumption +-of the -p option (persist capture). ++of the \-p option (persist capture). + .TP +-.BR "-v --verbose" ++.BR "\-v \-\-verbose" + Increase the verbosity of log messages. Use twice for more effect. + .TP +-.BR "-q --quiet" ++.BR "\-q \-\-quiet" + Do not report arp requests for IPs that are not in the capture + subnet. + .TP +-.BR "-z --no-nag" ++.BR "\-z \-\-no\-nag" + Turn off the nag message. Before you do this, read the basic warning + in the Notes section just below. + .TP +-.BR "-? --usage --help" ++.BR "\-? \-\-usage \-\-help" + Print a help message and then exit. + .TP +-.BR "-V --version" ++.BR "\-V \-\-version" + Print version information and exit. + .TP +-.BR "-I --ip-addr " \fInnn.nnn.nnn.nnn\fR ++.BR "\-I \-\-ip\-addr " \fInnn.nnn.nnn.nnn\fR + Manually specify the IP address for the labrea server. + .TP +-.BR "-E --my-mac-addr " \fIxx:xx:xx:xx:xx:xx\fR ++.BR "\-E \-\-my\-mac\-addr " \fIxx:xx:xx:xx:xx:xx\fR + Manually specify the MAC address of the labrea server's NIC. + .TP +-.BR "-D --list-interfaces" ++.BR "\-D \-\-list\-interfaces" + On Windows systems, print the list of WinPcap devices, followed by the + list of the libdnet interfaces. Note that each API has a different + nomenclature for the underlying NIC. + .TP +-.BR "-j --winpcap-dev " \fInn\fR ++.BR "\-j \-\-winpcap\-dev " \fInn\fR + On windows systems, select the nth winpcap device in the list. + .SH NOTES + .SS Basic Warning about use of labrea +@@ -259,10 +259,10 @@ + The IPI config stmt causes packets with the specified IP source + address(es) to be ignored. + .IP \(bu +--s --switch-safe parameter causes mirroring of ARP requests in a ++\-s \-\-switch\-safe parameter causes mirroring of ARP requests in a + switched environment + .IP \(bu +--X --exclude-resolvable-ips says to exclude all IPs that have a ++\-X \-\-exclude\-resolvable\-ips says to exclude all IPs that have a + corresponding Dns entry + .RE + .LP +@@ -283,7 +283,7 @@ + .LP + In this case, if labrea picks up the subnet mask from the interface, + then labrea will inefficiently watch addresses that it has no hope of +-capturing. You should use the -m / -n parameters to manually limit the ++capturing. You should use the \-m / \-n parameters to manually limit the + size of the capture subnet. + .SS Other usage notes + .HP +@@ -292,9 +292,9 @@ + On certain older Windows systems, it may be necessary to manually + specify the capture subnet. + .HP +-On unix systems, KILL -USR1 will toggle logging off on and off. ++On unix systems, KILL \-USR1 will toggle logging off on and off. + .HP +-On unix systems, KILL -HUP will cause labrea to reinitialize (and thus ++On unix systems, KILL \-HUP will cause labrea to reinitialize (and thus + free captured IPs). + .HP + If the capture subnet is too large (greater than 1024 addresses), then +@@ -305,7 +305,7 @@ + pcap_dispatch will wait instead of timing out, making the program seem + unresponsive. (Workaround: ping the labrea server to "wake" it up.) + .HP +-If --exclude-resolvable-ips is enabled, and if the capture subnet is ++If \-\-exclude\-resolvable\-ips is enabled, and if the capture subnet is + large (say class A /8), then a LOT of traffic will be generated to the + Dns server. + .SH EXAMPLES +@@ -319,18 +319,18 @@ + initialize, then exit. + .LP + .nf +- labrea --switch-safe --verbose -v --no-resp-excluded-ports +- --log-bandwidth --exclude-resolvable-ips --foreground +- --log-to-stdout --max-rate 2000000 --init-file toto.conf +- --device eth1 -z --dry-run ++ labrea \-\-switch\-safe \-\-verbose \-v \-\-no\-resp\-excluded\-ports ++ \-\-log\-bandwidth \-\-exclude\-resolvable\-ips \-\-foreground ++ \-\-log\-to\-stdout \-\-max\-rate 2000000 \-\-init\-file toto.conf ++ \-\-device eth1 \-z \-\-dry\-run + (one line) + .fi + .IP 2) + Same thing with the short parameter style. + .LP + .nf +- labrea -z -s -v -v -f -b -X -d -o -p 2000000 +- --init-file toto.conf -i eth1 -T ++ labrea \-z \-s \-v \-v \-f \-b \-X \-d \-o \-p 2000000 ++ \-\-init\-file toto.conf \-i eth1 \-T + (one line) + .fi + .SH FILES +--- labrea-2.5-stable/misc/labrea.conf.5~ 2008-04-19 09:52:31.000000000 +0200 ++++ labrea-2.5-stable/misc/labrea.conf.5 2008-04-19 09:53:41.000000000 +0200 +@@ -7,15 +7,15 @@ + .SH NAME + labrea.conf \- labrea(1) configuration file + .SH SYNOPSIS +-\fBnnn.nnn.nnn.nnn [- nnn.nnn.nnn.nnn] EXC\fR ++\fBnnn.nnn.nnn.nnn [\- nnn.nnn.nnn.nnn] EXC\fR + .LP +-\fBnnn.nnn.nnn.nnn [- nnn.nnn.nnn.nnn] HAR\fR ++\fBnnn.nnn.nnn.nnn [\- nnn.nnn.nnn.nnn] HAR\fR + .LP + \fBnnn.nnn.nnn.nnn[/nn] IPI\fR + .LP +-\fBnnnnn [- nnnnn] POR\fR ++\fBnnnnn [\- nnnnn] POR\fR + .LP +-\fBnnnnn [- nnnnn] PMN\fR ++\fBnnnnn [\- nnnnn] PMN\fR + .LP + .SH DESCRIPTION + .SS Generalities +@@ -31,7 +31,7 @@ + .SS Selectors + .LP + IPs can be specified as either a single address (e.g. "192.168.0.4") +-or as a range of addresses (e.g. "192.168.0.1 - 192.168.0.50"). ++or as a range of addresses (e.g. "192.168.0.1 \- 192.168.0.50"). + .LP + Ports can be specified as either a single port (e.g. 12345) or as a + range of ports (e.g. 1-65535). +@@ -49,7 +49,7 @@ + address than the one stored, then store the current time and the + requesting IP and return. + .IP b. +-If the stored time is less than "-r" seconds ago, ignore it and ++If the stored time is less than "\-r" seconds ago, ignore it and + return. + .IP c. + If currently stored time is more than a minute ago, +@@ -76,14 +76,14 @@ + for more details. + .LP + .B Hard captured IPs: +-The -h --hard-capture option instructs labrea that once it captures an +-IP address, then it needn't wait for a "-r" timeout the next time ++The \-h \-\-hard\-capture option instructs labrea that once it captures an ++IP address, then it needn't wait for a "\-r" timeout the next time + around. These IPs are said to be "hard" captured. + .LP + .B Hard excluded IPS: + These are IPs that should never be "hard" captured. In other words, + each time there is an ARP request for this IP, then labrea will always +-wait for the timeout -r secs before responding. ++wait for the timeout \-r secs before responding. + .LP + .B Tarpitting: + On a captured IP, labrea responds to an incoming SYN connection +@@ -100,7 +100,7 @@ + To accomplish this, short packets are sent every so often to say "keep + waiting, my Tcp window is still closed". So a maximum b/w control is + implemented to limit the total b/w consumption. (see the +-.B -p --max-rate ++.B \-p \-\-max\-rate + startup option) + .LP + .B Auto hard capturing: +@@ -116,7 +116,7 @@ + Since all connections are inbound, there should be no incoming + SYN/ACKs. Labrea will respond RST to an incoming SYN/ACK unless the + startup option +-.B -a --no-resp-synack ++.B \-a \-\-no\-resp\-synack + disables this behaviour. + .LP + .B Excluded ports: +@@ -127,7 +127,7 @@ + .SS Virtual machine behaviour when firewalling: + .B Active ports: + When firewalling (i.e. +-.B -f --no-resp-excluded-ports) ++.B \-f \-\-no\-resp\-excluded\-ports) + is active, then by default only the most widely used ports are active + at startup. + .LP +@@ -157,12 +157,12 @@ + .SH USAGE + This section describes the configuration statements and their usage: + .TP +-.BR "nnn.nnn.nnn.nnn [- nnn.nnn.nnn.nnn] EXC" ++.BR "nnn.nnn.nnn.nnn [\- nnn.nnn.nnn.nnn] EXC" + Never capture the specified IP addresses. This applies to local IP + addresses (i.e. on the local capture netblock) only. + .TP +-.BR "nnn.nnn.nnn.nnn [- nnn.nnn.nnn.nnn] HAR" +-WHen "hard capturing" is in effect ("-h"), then never hard capture ++.BR "nnn.nnn.nnn.nnn [\- nnn.nnn.nnn.nnn] HAR" ++WHen "hard capturing" is in effect ("\-h"), then never hard capture + the specified IP addresses. (i.e. Always wait for the ARP timeout + before responding.) Applies to local IP addresses only. + .TP +@@ -181,13 +181,13 @@ + (ie nnn.nnn.nnn.nnn/nn) and not as a range of IP addresses. + .RE + .TP +-.B "nnnnn [- nnnnn] POR" ++.B "nnnnn [\- nnnnn] POR" + These ports are excluded. labrea will not tarpit / persist capture + incoming connections on these ports. A RST will be returned unless + firewalling is active. In that case, the incoming packet will be + dropped. + .TP +-.B "nnnnn [- nnnnn] PMN" ++.B "nnnnn [\- nnnnn] PMN" + At startup, mark the indicated ports as being active. Incoming + connections to these ports are subject to tarpitting / persist + capturing. +@@ -203,7 +203,7 @@ + .LP + Exclude 192.168.10.5 through .7 from being captured: + .IP +-192.168.10.5 - 192.168.10.7 EXC ++192.168.10.5 \- 192.168.10.7 EXC + .LP + "Hard exclude" 192.168.10.100: + .IP +@@ -224,7 +224,7 @@ + .LP + Do not tarpit / persist capture on ports 21-25: + .IP +-21-25 POR ++21\-25 POR + .LP + When firewalling, make port 12345 active at startup: + .IP --- labrea-2.5-stable.orig/debian/patches/series +++ labrea-2.5-stable/debian/patches/series @@ -0,0 +1,3 @@ +use-dumbnet.patch +manpages-fix.patch +fix_pcap_open.patch --- labrea-2.5-stable.orig/debian/patches/use-dumbnet.patch +++ labrea-2.5-stable/debian/patches/use-dumbnet.patch @@ -0,0 +1,54 @@ +--- labrea-2.5-stable.orig/inc/ctl.h ++++ labrea-2.5-stable/inc/ctl.h +@@ -25,7 +25,9 @@ + #define CTL_H + + #include +-#include ++//Modified for work in debian ++//#include ++#include + #include "queue.h" + + /* +--- labrea-2.5-stable.orig/inc/utils.h ++++ labrea-2.5-stable/inc/utils.h +@@ -22,8 +22,9 @@ + + #ifndef UTILS_H + #define UTILS_H +- +-#include ++//Modified for work in Debian ++//#include ++#include + + /* Degree of verbosity in logging */ + typedef enum {QUIET, NORMAL, VERBOSE, VERY_VERBOSE} amt_log_t; +--- labrea-2.5-stable.orig/inc/pkt.h ++++ labrea-2.5-stable/inc/pkt.h +@@ -11,8 +11,9 @@ + + #ifndef PKT_H + #define PKT_H +- +-#include ++//Modified for work in Debian ++//#include ++#include + + #define PKT_BUF_LEN (ETH_HDR_LEN + ETH_MTU) + #define PKT_BUF_ALIGN 2 +--- labrea-2.5-stable.orig/src/pkt_handler.c ++++ labrea-2.5-stable/src/pkt_handler.c +@@ -29,7 +29,9 @@ + #include + #endif + #include +-#include ++//Modified for work in Debian ++//#include ++#include + + #ifdef HAVE_ERR_H + #include --- labrea-2.5-stable.orig/debian/rules +++ labrea-2.5-stable/debian/rules @@ -0,0 +1,81 @@ +#!/usr/bin/make -f +# This file is public domain software, originally written by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# These are used for cross-compiling and for saving the configure script +# from having to guess our platform (since we know it already) +DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +CONFFLAGS = --prefix=/usr --mandir=/usr/share/man --sysconfdir=/etc/labrea +ifeq ($(DEB_BUILD_GNU_TYPE), $(DEB_HOST_GNU_TYPE)) + CONFFLAGS += --build=$(DEB_BUILD_GNU_TYPE) +else + CONFFLAGS += --build=$(DEB_BUILD_GNU_TYPE) --host=$(DEB_HOST_GNU_TYPE) +endif + +export CFLAGS = -Wall -g +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif + +include /usr/share/quilt/quilt.make + +build: patch build-stamp +build-stamp: + dh_testdir + + ln -sf /usr/share/misc/config.guess /usr/share/misc/config.sub . + ./configure $(CONFFLAGS) + $(MAKE) + + touch build-stamp + +clean: clean-patched unpatch +clean-patched: + dh_testdir + dh_testroot + rm -f build-stamp + + [ ! -f Makefile ] || $(MAKE) distclean + rm -f config.guess config.sub + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + $(MAKE) install DESTDIR=$(CURDIR)/debian/labrea + + install -D -m 644 debian/lintian-overrides \ + debian/labrea/usr/share/lintian/overrides/labrea + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs ChangeLog + dh_installdocs + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install --- labrea-2.5-stable.orig/debian/watch +++ labrea-2.5-stable/debian/watch @@ -0,0 +1,3 @@ +version=3 +opts="uversionmangle=s/-signatures-gpg$//,dversionmangle=s/-stable$/$&-1/" \ + http://sf.net/labrea/labrea-(.*)\.tar\.gz