debian/docs

doc/README.txt
doc/CREDITS.txt
doc/REGEX.txt

debian/changelog

ngrep (1.45.ds2-12) unstable; urgency=low

  * Fix handling of CPPFLAGS in upstream makefile to avoid losing
    _FORTIFY_SOURCE.
  * Bump Standards-Version to 3.9.3.

 -- Romain Francoise  Sat, 03 Mar 2012 17:32:14 +0100

ngrep (1.45.ds2-11) unstable; urgency=low

  * Use Linux target code on hurd-i386 to fix FTBFS.
  * Fix (harmless) -Wformat warnings in tcpkill patch.

 -- Romain Francoise  Mon, 19 Dec 2011 20:44:48 +0100

ngrep (1.45.ds2-10) unstable; urgency=low

  * Enable hardening via dpkg-buildflags.
  * Bump Standards-Version to 3.9.2.
  * Cherry-pick commit ca90da66ac from upstream Git to fix dumping of IPv6
    traffic (closes: #615138) (LP: #567286).

 -- Romain Francoise  Sun, 18 Dec 2011 14:45:36 +0100

ngrep (1.45.ds2-9) unstable; urgency=low

  * debian/control: Build-depend on hardening-includes.
  * debian/rules: Use hardening.make.

 -- Romain Francoise  Mon, 04 Jan 2010 22:27:53 +0100

ngrep (1.45.ds2-8) unstable; urgency=low

  * Switch to 3.0 (quilt) source format:
    + Drop build-depends on quilt.
    + Remove patch/unpatch logic from debian/rules.
    + Remove README.source.
    + Refresh all patches.
  * Use dh(1):
    + debian/compat: Bump to 7.
    + debian/control: Build-depend on debhelper (>= 7.0.50~).
    + debian/rules: Simplify.
    + debian/ngrep.dirs: Removed.

 -- Romain Francoise  Sun, 08 Nov 2009 18:41:33 +0100

ngrep (1.45.ds2-7) unstable; urgency=low

  * debian/rules: Change pcap includes location so that configure.in can
    find bpf.h in the correct pcap.h, thanks to Cristian Constantin
    (closes: #546596).

 -- Romain Francoise  Mon, 14 Sep 2009 20:29:03 +0200

ngrep (1.45.ds2-6) unstable; urgency=low

  * debian/patches/10_kfreebsd.diff: New patch, fixes FTBFS on kfreebsd.
    Thanks to Cyril Brulebois (closes: #545912).
  * debian/patches/series: Update.

 -- Romain Francoise  Thu, 10 Sep 2009 21:28:54 +0200

ngrep (1.45.ds2-5) unstable; urgency=low

  * debian/rules: Pass --disable-pcap-restart to configure
    (closes: #545656).
  * debian/control:
    + Bump Standards-Version to 3.8.3.
    + Add missing dependency on ${misc:Depends}.
  * debian/README.source: New file.

 -- Romain Francoise  Tue, 08 Sep 2009 19:53:26 +0200

ngrep (1.45.ds2-4) unstable; urgency=low

  * debian/patches/10_man-fixes.diff: New patch, fixes duplicate -W option
    in man page; thanks to Michael Prokop (closes: #521397).
  * debian/patches/series: Update.
  * debian/control: Bump Standards-Version to 3.8.1, no changes needed.

 -- Romain Francoise  Mon, 06 Apr 2009 20:30:42 +0200

ngrep (1.45.ds2-3) unstable; urgency=low

  * debian/rules: Force pcap includes location, avoids overzealous
    configure check which thinks the new pcap 1.0 locations are two
    different installations (closes: #518889).
  * debian/control: Bump Standards-Version to 3.8.0, no changes needed.

 -- Romain Francoise  Mon, 09 Mar 2009 07:44:09 +0100

ngrep (1.45.ds2-2) unstable; urgency=low

  * debian/rules: Bump Standards-Version to 3.7.3; no changes needed.

 -- Romain Francoise  Fri, 11 Apr 2008 19:26:31 +0200

ngrep (1.45.ds2-1) unstable; urgency=low

  * Repack tarball from Git.
  * debian/control: Add Homepage, Vcs-Browser and Vcs-Git fields.

 -- Romain Francoise  Fri, 12 Oct 2007 20:11:58 +0200

ngrep (1.45.ds1-2) unstable; urgency=low

  * debian/patches/10_debian-build.diff: Don't strip the binary by default
    at link time, let dh_strip do it (closes: #437633).
  * debian/patches/30_tcpkill.diff: New patch adding the ability to kill
    matching TCP connections. Based on a patch by Florian Weimer, ported
    to libnet 1.1 (closes: #240054).
  * debian/patches/series: Update.
  * debian/repack.sh: Include this script in the package, just in case.

 -- Romain Francoise  Mon, 13 Aug 2007 22:35:24 +0200

ngrep (1.45.ds1-1) unstable; urgency=low

  * New upstream release (closes: #412181), the .tar.bz2 upstream tarball
    was repacked into a .tar.gz tarball, removing the pcre-5.0, regex-0.12
    and win32 directories in the process.
  * debian/patches/10_debian-build.diff: New patch redoing Debian changes
    to use the system's version of PCRE.
  * debian/patches/20_setlocale.diff: New patch, fold Debian change to set
    the locale for isprint() (see #307496).
  * debian/patches/50_autotools-dev.diff: New patch, make
    config.{guess,sub} use autotools-dev's fresher versions automatically.
  * debian/patches/series: New file.
  * debian/rules:
    + Don't copy config.{guess,sub} in clean target.
    + Don't ignore errors from 'make distclean'.
    + Include /usr/share/quilt/quilt.make and call its targets.
    + Various cleanups.
  * debian/control: Add build-depends on quilt.

 -- Romain Francoise  Sun, 12 Aug 2007 21:20:11 +0200

ngrep (1.44-3) unstable; urgency=low

  * Backport patch from upstream CVS making the `clean_exit' signal
    handler safer (closes: #395248).

 -- Romain Francoise  Sat, 4 Nov 2006 15:54:58 +0100

ngrep (1.44-2) unstable; urgency=low

  * debian/control:
    + Set myself as maintainer, not just uploader.
    + Bump Standards-Version to 3.7.2, no changed needed.
    + Build-Depend on debhelper (>> 5.0.0).
  * debian/compat: New file.
  * debian/rules: Don't set DH_COMPAT.

 -- Romain Francoise  Wed, 27 Sep 2006 12:20:20 +0200

ngrep (1.44-1) unstable; urgency=low

  * New upstream release, with support for IPv6 (closes: #282362).
  * debian/rules: Add --enable-ipv6 to configure flags.
  * Apply patch from Max Kosmach adding a call to setlocale(), which makes
    isprint() decide what's printable depending on the current locale
    (closes: #307496).
  * debian/control: Bump Standards-Version to 3.6.2.1, no changed needed.

 -- Romain Francoise  Tue, 5 Jul 2005 20:24:07 +0200

ngrep (1.43-3) unstable; urgency=medium

  * Further cleanup the build process to get rid of the shipped pcre
    library:
    + Patch ngrep.c to use instead of the header in pcre-5.0.
    + Patch configure to skip the pcre configure stage.
    + Patch Makefile.in to not try to clean the pcre-5.0 directory.
  * debian/rules: Cleanups.
    + Remove obsolete deletion command from clean target (useless since
      1.43-1).
    + Remove dh-make comments, cut lines to fit in 80 columns, credit
      Nathan, Steve and myself.
  * debian/control: Cosmetic change.

 -- Romain Francoise  Fri, 25 Mar 2005 16:39:16 +0100

ngrep (1.43-2) unstable; urgency=low

  * Patch Makefile.in to not build (and link) the package's pcre since we
    want to use the system's version (it will still be configured but at
    least the binary will remain untouched).
  * debian/control: Remove obsolete local variables.

 -- Romain Francoise  Tue, 22 Mar 2005 20:27:31 +0100

ngrep (1.43-1) unstable; urgency=medium

  * Hijacked package, new maintainer:
    http://lists.debian.org/debian-qa/2005/03/msg00059.html
  * Added Romain Francoise as a co-maintainer.
  * Build depend upon autotools-dev, so that we can copy in the most
    recent config.{sub guess} files. (Closes: #135337, #168649)
  * Rebuilt against libpcap, which closes the bug fixed in the old NMU
    (Now using libpcap0.8 instead of 0.7) (Closes: #156178)
  * Use the system's installed copy of PCRE instead of the bundled copy.
    (Closes: #166783)
  * Removed the duplicate '-F' option from the manpage. (Closes: #293728)
  * New upstream version
    Some previously broken code is now removed from the upstream version
    so some older bugs no longer exist. They will be closed individually
    as part of a bug triage.

 -- Steve Kemp  Mon, 14 Mar 2005 16:15:39 +0000

ngrep (1.42-1) unstable; urgency=low

  * New Upstream Version (closes: #243613)
  * Changed manpage to use minus signs (\-) instead of hyphens (-)
    (closes: #207279)
  * Updated libtool script (closes: #201948)

 -- Nathan Sandver  Sat, 07 Aug 2004 12:54:33 -0700

ngrep (1.40.1-3) unstable; urgency=low

  * Maintainer upload to resolve some outstanding issues with the package.
    Thanks to Samuele, Robert, Torsten, and Randolph for working on the
    package when I was inactive.
  * Updated config.guess, config.sub (closes: Bug#168649)
  * Links dynamically against Debian's libpcre (closes: Bug#166783)

 -- Nathan E. Sandver  Sat, 30 Nov 2002 01:23:43 -0800

ngrep (1.40.1-2.4) unstable; urgency=low

  * NMU
  * recompiled against libpcap0.7 (closes: Bug#156178)

 -- Samuele Giovanni Tonon  Wed, 6 Nov 2002 23:31:47 +0100

ngrep (1.40.1-2.3) unstable; urgency=low

  * NMU
  * ngrep is not supposed to be a debian-native package - redownloaded
    pristine upstream source and fixed that
  * Applied patch to copy libpcap packet buffers to aligned positions to
    avoid segfaults on architectures where that matters (like Sparc)
    closes: #138847
  * Clean up stray pcre-3.4/dftables executable in clean target to allow
    for repeated package building

 -- Robert Woodcock  Sun, 27 Oct 2002 15:49:33 -0800

ngrep (1.40.1-2.2) unstable; urgency=low

  * Non maintainer upload
  * Rebuilt with new libpcap to remove dependency on libpcap0, which I got
    removed from unstable by accident. Sorry about this...

 -- Torsten Landschoff  Sat, 10 Aug 2002 11:37:22 +0200

ngrep (1.40.1-2.1) unstable; urgency=low

  * NMU
  * Update config.guess/sub. (closes: Bug#135337)

 -- Randolph Chung  Tue, 12 Mar 2002 22:55:28 -0800

ngrep (1.40.1-2) unstable; urgency=low

  * Bitten by outdated config.sub & config.guess in included pcre source
    again. Updated both files. (closes: Bug#133308)

 -- Nathan Sandver  Mon, 18 Feb 2002 14:12:53 -0800

ngrep (1.40.1-1) unstable; urgency=low

  * New upstream version.

 -- Nathan Sandver  Sat, 9 Feb 2002 18:42:30 -0800

ngrep (1.40-1) unstable; urgency=low

  * New upstream release
  * Updated config.sub & config.guess. (Closes #111406)

 -- Nathan Sandver  Thu, 25 Oct 2001 21:54:41 -0700

ngrep (1.39.2-2) unstable; urgency=low

  * Added Build-depends: libpcap-dev

 -- Nathan Sandver  Thu, 5 Jul 2001 17:01:55 -0700

ngrep (1.39.2-1) unstable; urgency=low

  * New upstream version
  * Using PCRE for regular expressions support

 -- Nathan Sandver  Sat, 26 May 2001 13:12:54 -0700

ngrep (1.35-1) unstable; urgency=low

  * Initial Release.

 -- Nathan E. Sandver  Thu, 28 Oct 1999 18:39:00 -0700

debian/source/format

3.0 (quilt)

debian/source/lintian-overrides

package-needs-versioned-debhelper-build-depends 9

debian/control

Source: ngrep
Section: net
Priority: optional
Maintainer: Romain Francoise
Build-Depends: dpkg-dev (>= 1.16.1~), debhelper (>= 8.9.4~), libpcap0.8-dev, libpcre3-dev, autotools-dev, libnet1-dev,
Standards-Version: 3.9.3
Homepage: http://ngrep.sf.net/
Vcs-Browser: http://git.debian.org/?p=users/rfrancoise/ngrep.git
Vcs-Git: git://git.debian.org/git/users/rfrancoise/ngrep.git

Package: ngrep
Architecture: any
Depends: ${shlibs:Depends}, ${misc:Depends}
Description: grep for network traffic
 ngrep strives to provide most of GNU grep's common features, applying
 them to the network layer. ngrep is a pcap-aware tool that will allow
 you to specify extended regular expressions to match against data
 payloads of packets. It currently recognizes TCP, UDP and ICMP across
 Ethernet, PPP, SLIP and null interfaces, and understands bpf filter
 logic in the same fashion as more common packet sniffing tools, such
 as tcpdump and snoop.

debian/copyright

This package was debianized by Nathan Sandver on
Sat, 26 May 2001 12:42:54 -0700.

It was downloaded from: http://ngrep.sourceforge.net

Upstream Author: Jordan Ritter

Copyright:

  Copyright (c) 2006 Jordan Ritter. All rights reserved.

  Permission is granted to anyone to use this software for any purpose
  on any computer system, and to alter it and redistribute it, subject
  to the following restrictions:

  1. The origin of this software must not be misrepresented, either by
     explicit claim or by omission.

  2. Altered versions must be plainly marked as such, and must not be
     misrepresented as being the original software. Any altered version
     must clearly and properly represent the origin of this software in
     any accompanying documentation.

  3. All advertising materials which relate specifically to derivate
     works of this software must display the following acknowledgement:
     This product includes software developed by Jordan Ritter.

  4. The name of the Author may not be used to endorse or promote
     products derived from this software without specific prior written
     permission.

  5. This notice, and any references to this notice, in any original or
     derived source distribution of or documentation for this software,
     may not be removed or altered.

  THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE
  LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
  CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
  SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
  BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Portions were copied from tcpkill (part of dsniff), which has the
following copyright:

  Copyright (c) 1999, 2000 Dug Song
  All rights reserved, all wrongs reversed.

  Redistribution and use in source and binary forms, with or without
  modification, are permitted provided that the following conditions
  are met:

  1. Redistributions of source code must retain the above copyright
     notice, this list of conditions and the following disclaimer.
  2. Redistributions in binary form must reproduce the above copyright
     notice, this list of conditions and the following disclaimer in the
     documentation and/or other materials provided with the distribution.
  3. The name of author may not be used to endorse or promote products
     derived from this software without specific prior written permission.

  THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
  INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
  AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
  THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

debian/rules0000755000000000000000000000046011673363622010257 0ustar #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all %: dh $@ override_dh_auto_configure: ./configure --prefix=/usr --enable-pcre --enable-ipv6 \ --with-pcap-includes=/usr/include/pcap \ --disable-pcap-restart override_dh_installchangelogs: dh_installchangelogs doc/CHANGES.txt debian/compat0000644000000000000000000000000211673363645010402 0ustar 9 debian/repack.sh0000644000000000000000000000044010777720477011007 0ustar #!/bin/sh _usage() { printf "usage: %s \n" `basename $0` exit 1 } if [ $# -ne 1 ]; then _usage else TARFILE="$1" fi DIR=$(tar tf $TARFILE | cut -d/ -f1 | tail -1) tar xf $TARFILE rm -rf $DIR/pcre-* $DIR/regex-* $DIR/win32 tar cvvzf $DIR.tar.gz $DIR debian/patches/0000755000000000000000000000000011724443677010634 5ustar debian/patches/40_ipv6-offsets.diff0000644000000000000000000000305411673365612014321 0ustar commit ca90da66ac237005af6fbdbdc16837ba41f19beb Author: Jordan Ritter Date: Tue Jun 19 10:12:08 2007 +0000 Fix for bug #1738953: why would I subtract the payload's length from a variable that is supposed to describe exactly that?? Removed ip6_plen from TCP, UDP and ICMPv6 calculations. diff --git a/ngrep.c b/ngrep.c index fd95cbe..6c3c902 100644 --- a/ngrep.c +++ b/ngrep.c @@ -721,11 +721,6 @@ void process(u_char *d, struct pcap_pkthdr *h, u_char *p) { data = (unsigned char *)(tcp_pkt) + tcphdr_offset; len -= link_offset + ip_hl + tcphdr_offset; -#if USE_IPv6 - if (ip_ver == 6) - len -= ntohs(ip6_pkt->ip6_plen); -#endif - if ((int32_t)len < 0) len = 0; @@ -741,11 +736,6 @@ void process(u_char *d, struct pcap_pkthdr *h, u_char *p) { data = (unsigned char *)(udp_pkt) + udphdr_offset; len -= link_offset + ip_hl + udphdr_offset; -#if USE_IPv6 - if (ip_ver == 6) - len -= ntohs(ip6_pkt->ip6_plen); -#endif - if ((int32_t)len < 0) len = 0; 
@@ -779,7 +769,7 @@ void process(u_char *d, struct pcap_pkthdr *h, u_char *p) { uint16_t icmp6hdr_offset = (frag_offset) ? 0 : 4; data = (unsigned char *)(icmp6_pkt) + icmp6hdr_offset; - len -= link_offset + ip_hl + ntohs(ip6_pkt->ip6_plen) + icmp6hdr_offset; + len -= link_offset + ip_hl + icmp6hdr_offset; if ((int32_t)len < 0) len = 0; debian/patches/10_man-fixes.diff0000644000000000000000000000353511724443677013663 0ustar Misc fixes to the man page. --- ngrep.8 | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) --- a/ngrep.8 +++ b/ngrep.8 @@ -144,13 +144,13 @@ .IP "-W normal|byline|single|none" Specify an alternate manner for displaying packets, when not in hexadecimal mode. The ``byline'' mode honors embedded linefeeds, -wrapping text only when a linefeed is encountered. The ``none'' mode -doesn't wrap under any circumstance (entire payload is displayed on -one line). The ``single'' mode is conceptually the same as ``none'', -except that everything including IP and source/destination header -information is all on one line. ``normal'' is the default mode and is -only included for completeness. This option is incompatible with -``-x''. +wrapping text only when a linefeed is encountered (useful for observing +HTTP transactions, for instance). The ``none'' mode doesn't wrap under +any circumstance (entire payload is displayed on one line). The +``single'' mode is conceptually the same as ``none'', except that +everything including IP and source/destination header information is all +on one line. ``normal'' is the default mode and is only included for +completeness. This option is incompatible with ``-x''. .IP "-s snaplen" Set the bpf caplen to snaplen (default 65536). 
@@ -181,13 +181,6 @@ .IP "-A num" Dump \fInum\fP packets of trailing context after matching a packet. -.IP "-W normal|byline|none" -Alter the method by which ngrep displays packet payload. ``normal'' -mode represents the standard behaviour, ``byline'' instructs ngrep to -respect embedded linefeeds (useful for observing HTTP transactions, -for instance), and ``none'' results in the payload on one single line -(useful for scripted processing of ngrep output). - .IP "-c cols" Ignore the detected terminal width and force the column width to the specified size. debian/patches/30_tcpkill.diff0000644000000000000000000001626111724443232013423 0ustar This patch adds tcpkill support to ngrep (new option -K). It was initially written by Florian Weimer in 2004, and updated for libnet 1.1 by Romain Francoise . --- LICENSE.txt | 29 +++++++++++++++++++ Makefile.in | 10 ++++-- ngrep.8 | 4 ++ ngrep.c | 15 +++++++++- tcpkill.c | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ tcpkill.h | 7 ++++ 6 files changed, 148 insertions(+), 5 deletions(-) --- a/LICENSE.txt +++ b/LICENSE.txt 
@@ -36,3 +36,32 @@ WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +Portions were copied from tcpkill (part of dsniff), which has the +following copyright: + + Copyright (c) 1999, 2000 Dug Song + All rights reserved, all wrongs reversed. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. The name of author may not be used to endorse or promote products + derived from this software without specific prior written permission. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL + THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, + EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, + PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; + OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --- a/Makefile.in +++ b/Makefile.in 
@@ -7,16 +7,18 @@ CC=@CC@ -CFLAGS=@CFLAGS@ @CPPFLAGS@ -D@OS@ @DEFS@ @EXTRA_DEFINES@ +CFLAGS_LIBNET := $(shell libnet-config --defines ; libnet-config --cflags) +CFLAGS=@CFLAGS@ @CPPFLAGS@ -D@OS@ @DEFS@ @EXTRA_DEFINES@ $(CFLAGS_LIBNET) INCLUDES=-I@srcdir@ @PCAP_INCLUDE@ @EXTRA_INCLUDES@ LDFLAGS=@LDFLAGS@ @PCAP_LINK@ -LIBS=-lpcap @EXTRA_LIBS@ +LIBNET := $(shell libnet-config --libs) +LIBS=-lpcap @EXTRA_LIBS@ $(LIBNET) STRIPFLAG=@STRIPFLAG@ -SRC=ngrep.c -OBJS=ngrep.o +SRC=ngrep.c tcpkill.c +OBJS=ngrep.o tcpkill.o TARGET=ngrep MANPAGE=ngrep.8 --- a/ngrep.8 +++ b/ngrep.8 @@ -189,6 +189,10 @@ Change the non-printable character from the default ``.'' to the character specified. +.IP "-K num" +Kill matching TCP connections (like tcpkill). The numeric argument +controls how many RST segments are sent. + .IP "\fI match expression\fP" A match expression is either an extended regular expression, or if the \fI-X\fP option is specified, a string signifying a hexadecimal value. --- a/ngrep.c +++ b/ngrep.c @@ -110,6 +110,7 @@ uint16_t snaplen = 65535, limitlen = 65535, promisc = 1, to = 100; uint16_t match_after = 0, keep_matching = 0, matches = 0, max_matches = 0; +uint16_t tcpkill_active = 0; uint8_t re_match_word = 0, re_ignore_case = 0, re_multiline_match = 1; uint8_t show_empty = 0, show_hex = 0, show_proto = 0, quiet = 0; @@ -199,7 +200,7 @@ setlocale(LC_ALL, ""); - while ((c = getopt(argc, argv, "LNhXViwqpevxlDtTRMs:n:c:d:A:I:O:S:P:F:W:")) != EOF) { + while ((c = getopt(argc, argv, "LNhXViwqpevxlDtTRMK:s:n:c:d:A:I:O:S:P:F:W:")) != EOF) { switch (c) { case 'W': { if (!strcasecmp(optarg, "normal")) @@ -314,6 +315,9 @@ case 'N': show_proto++; break; + case 'K': + tcpkill_active = atoi(optarg); + break; case 'h': usage(0); default: @@ -353,6 +357,10 @@ clean_exit(-1); } + if (tcpkill_active) { + tcpkill_init(); + } + if (pcap_lookupnet(dev, &net.s_addr, &mask.s_addr, pc_err) == -1) { perror(pc_err); memset(&net, 0, sizeof(net)); 
@@ -887,6 +895,10 @@ if (pd_dump) pcap_dump((u_char*)pd_dump, h, p); + + if (tcpkill_active) { + tcpkill_kill(h, p, link_offset, tcpkill_active); + } } int8_t re_match_func(unsigned char *data, uint32_t len) { @@ -1256,6 +1268,7 @@ #else " -d is use specified device instead of the pcap default\n" #endif + " -K is kill matching TCP connections\n" ""); exit(e); --- /dev/null +++ b/tcpkill.c 
@@ -0,0 +1,88 @@ +/* + * tcpkill.c + * + * Kill TCP connections already in progress. + * + * Copyright (c) 2000 Dug Song + * + * $Id: tcpkill.c,v 1.17 2001/03/17 08:10:43 dugsong Exp $ + */ + +#include + +#include +#include +#include +#include +#include +#include + +#include "tcpkill.h" + +libnet_t *l; + +void +tcpkill_kill(const struct pcap_pkthdr *pcap, const u_char *pkt, + unsigned pcap_off, unsigned kill_count) +{ + struct libnet_ipv4_hdr *ip; + struct libnet_tcp_hdr *tcp; + u_char ctext[64]; + u_int32_t seq, win; + int i, len; + + pkt += pcap_off; + len = pcap->caplen - pcap_off; + + ip = (struct libnet_ipv4_hdr *)pkt; + if (ip->ip_p != IPPROTO_TCP) + return; + + tcp = (struct libnet_tcp_hdr *)(pkt + (ip->ip_hl << 2)); + if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST)) + return; + + seq = ntohl(tcp->th_ack); + win = ntohs(tcp->th_win); + + snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:", + libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE), + ntohs(tcp->th_sport), + libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE), + ntohs(tcp->th_dport)); + + for (i = 0; i < kill_count; i++) { + seq += (i * win); + + libnet_clear_packet(l); + + libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport), + seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, + NULL, 0, l, 0); + + libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0, + libnet_get_prand(LIBNET_PRu16), 0, 64, + IPPROTO_TCP, 0, ip->ip_dst.s_addr, + ip->ip_src.s_addr, NULL, 0, l, 0); + + if (libnet_write(l) < 0) + warn("write"); + + fprintf(stderr, "%s R %u:%u(0) win 0\n", ctext, seq, seq); + } +} + +void +tcpkill_init(void) +{ + char *intf, ebuf[PCAP_ERRBUF_SIZE]; + char libnet_ebuf[LIBNET_ERRBUF_SIZE]; + + if ((intf = pcap_lookupdev(ebuf)) == NULL) + errx(1, "%s", ebuf); + + if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL) + errx(1, "couldn't initialize sending"); + + libnet_seed_prand(l); +} --- /dev/null +++ b/tcpkill.h 
@@ -0,0 +1,7 @@ +#ifndef TCPKILL_H +#define TCPKILL_H + +void tcpkill_init(void); +void tcpkill_kill(const struct pcap_pkthdr *pcap, const u_char *pkt, unsigned pcap_off, unsigned kill_count); + +#endif debian/patches/20_setlocale.diff0000644000000000000000000000103211275601034013716 0ustar Call setlocale to make isprint() decide what's printable depending on the current locale. See #307496. --- ngrep.c | 4 ++++ 1 file changed, 4 insertions(+) --- a/ngrep.c +++ b/ngrep.c @@ -97,6 +97,8 @@ #include "regex-0.12/regex.h" #endif +#include + #include "ngrep.h" @@ -195,6 +197,8 @@ signal(SIGWINCH, update_windowsize); #endif + setlocale(LC_ALL, ""); + while ((c = getopt(argc, argv, "LNhXViwqpevxlDtTRMs:n:c:d:A:I:O:S:P:F:W:")) != EOF) { switch (c) { case 'W': { debian/patches/10_kfreebsd_hurd.diff0000644000000000000000000000056611673451513014573 0ustar Fixes build on Debian GNU/kFreeBSD (contributed by Cyril Brulebois) and GNU/Hurd. --- ngrep.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/ngrep.c +++ b/ngrep.c @@ -32,7 +32,7 @@ #include #endif -#if defined(LINUX) +#if defined(LINUX) || defined(__GLIBC__) || defined(__GNU__) #include #include #include debian/patches/series0000644000000000000000000000021211673451563012040 0ustar 10_debian-build.diff 10_man-fixes.diff 10_kfreebsd_hurd.diff 20_setlocale.diff 30_tcpkill.diff 40_ipv6-offsets.diff 50_autotools-dev.diff debian/patches/50_autotools-dev.diff0000644000000000000000000000152711275601036014566 0ustar Make config.{guess,sub} use autotools-dev's fresher versions automatically. --- config.guess | 5 +++++ config.sub | 5 +++++ 2 files changed, 10 insertions(+) --- a/config.guess +++ b/config.guess @@ -1,4 +1,9 @@ #! /bin/sh + +if [ -x /usr/share/misc/config.guess ]; then + exec /usr/share/misc/config.guess "$@" +fi + # Attempt to guess a canonical system name. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, --- a/config.sub 
+++ b/config.sub @@ -1,4 +1,9 @@ #! /bin/sh + +if [ -x /usr/share/misc/config.sub ]; then + exec /usr/share/misc/config.sub "$@" +fi + # Configuration validation subroutine script. # Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, # 2000, 2001, 2002, 2003, 2004, 2005, 2006 Free Software Foundation, debian/patches/10_debian-build.diff0000644000000000000000000000476711724443142014306 0ustar Change ngrep's build system to use the system's version of PCRE. --- Makefile.in | 6 ++---- configure | 11 +++-------- configure.in | 11 +++-------- ngrep.c | 2 +- 4 files changed, 9 insertions(+), 21 deletions(-) --- a/configure +++ b/configure @@ -3624,13 +3624,10 @@ if test $use_pcre = yes; then - echo - echo 'Configuring Perl-Compatible Regular Expression (PCRE) library ...' - echo - - REGEX_DIR='pcre-5.0' - REGEX_OBJS="$REGEX_DIR/pcre.o $REGEX_DIR/study.o" + REGEX_DIR='' + REGEX_OBJS="" USE_PCRE="1" + EXTRA_LIBS="$EXTRA_LIBS -lpcre" else @@ -3644,8 +3641,6 @@ fi -( cd $REGEX_DIR && ./configure ) - --- a/configure.in +++ b/configure.in @@ -126,13 +126,10 @@ if test $use_pcre = yes; then - echo - echo 'Configuring Perl-Compatible Regular Expression (PCRE) library ...' - echo - - REGEX_DIR='pcre-5.0' - REGEX_OBJS="$REGEX_DIR/pcre.o $REGEX_DIR/study.o" + REGEX_DIR='' + REGEX_OBJS="" USE_PCRE="1" + EXTRA_LIBS="$EXTRA_LIBS -lpcre" else @@ -146,8 +143,6 @@ fi -( cd $REGEX_DIR && ./configure ) - AC_SUBST(REGEX_DIR) AC_SUBST(REGEX_OBJS) --- a/Makefile.in +++ b/Makefile.in @@ -7,7 +7,7 @@ CC=@CC@ -CFLAGS=@CFLAGS@ -D@OS@ @DEFS@ @EXTRA_DEFINES@ +CFLAGS=@CFLAGS@ @CPPFLAGS@ -D@OS@ @DEFS@ @EXTRA_DEFINES@ INCLUDES=-I@srcdir@ @PCAP_INCLUDE@ @EXTRA_INCLUDES@ LDFLAGS=@LDFLAGS@ @PCAP_LINK@ 
@@ -39,13 +39,13 @@ all: $(TARGET) $(TARGET): $(REGEX_OBJS) $(OBJS) - $(CC) $(CFLAGS) $(LDFLAGS) $(STRIPFLAG) -o $(TARGET) $(OBJS) $(REGEX_OBJS) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET) $(OBJS) $(REGEX_OBJS) $(LIBS) debug: $(REGEX_OBJS) $(OBJS) $(CC) $(CFLAGS) $(LDFLAGS) -g -o $(TARGET) $(OBJS) $(REGEX_OBJS) $(LIBS) static: $(REGEX_OBJS) $(OBJS) - $(CC) $(CFLAGS) $(LDFLAGS) $(STRIPFLAG) -o $(TARGET).static -static $(OBJS) $(REGEX_OBJS) $(LIBS) + $(CC) $(CFLAGS) $(LDFLAGS) -o $(TARGET).static -static $(OBJS) $(REGEX_OBJS) $(LIBS) install: $(TARGET) $(INSTALL) -c -m 0755 $(TARGET) $(DESTDIR)/$(BINDIR_INSTALL)/$(TARGET) @@ -55,11 +55,9 @@ $(CC) $(CFLAGS) $(INCLUDES) -g -c $< clean: - make -C $(REGEX_DIR) clean rm -f *~ $(OBJS) $(REGEX_OBJS) $(TARGET) $(TARGET).static distclean: clean - make -C $(REGEX_DIR) distclean rm -f config.status config.cache config.log config.h Makefile $(REGEX_OBJS): $(REGEX_OBJS:.o=.c) $(REGEX_DIR)/*.h --- a/ngrep.c +++ b/ngrep.c 
@@ -92,7 +92,7 @@ #endif #if USE_PCRE -#include "pcre-5.0/pcre.h" +#include #else #include "regex-0.12/regex.h" #endif debian/README.Debian0000644000000000000000000000172410777720477011255 0ustar ngrep for Debian ---------------- ngrep is now compiled against the Perl-Compatible Regular Expressions library instead of the GNU regex library. According to the FSF's website (http://www.gnu.org/), the original BSD license which included the advertising clause is not compatible with the GPL. As ngrep's license is modeled after the original BSD license and includes the advertising clause, I have decided to compile against PCRE, which is under a less restrictive license. Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel, and copyright by the University of Cambridge, England. Also as required by the ngrep license, this statement declares that the original source distribution has been modified for Debian. I have made changes to ensure that the package builds and installs in accordance with Debian policy. -- Nathan Sandver , Sat, 07 Aug 2004 11:18:00 -0800
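
Review bot: In debian/patches/30_tcpkill.diff, the new tcpkill.c hunk computes `len = pcap->caplen - pcap_off;` in tcpkill_kill() and then never uses it, so `ip->ip_p`, `ip->ip_hl` and `tcp->th_flags` are read without confirming that the captured bytes cover an IPv4 header and a TCP header. A short snaplen or a truncated frame leads to a read past the captured data, and since debian/rules configures with --enable-ipv6 and the call site passes every matched packet, an IPv6 packet is also interpreted through `struct libnet_ipv4_hdr`. Suggest returning early unless `len` is at least LIBNET_IPV4_H, the version field is 4, `ip_hl` is at least 5, and `len` is at least `(ip->ip_hl << 2) + LIBNET_TCP_H`. Separately, tcpkill_init() fills `libnet_ebuf` but the `errx(1, "couldn't initialize sending")` message does not print it, which hides the reason for the failure.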
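
Review bot: In debian/patches/30_tcpkill.diff, the ngrep.c hunk at @@ -314,6 +315,9 @@ stores the option value with `tcpkill_active = atoi(optarg);` into a `uint16_t` without validating it. A non-numeric argument becomes 0 and silently disables the feature, while a negative or oversized value wraps to a large count of segments sent per matched packet. Suggest parsing with strtoul(), checking the end pointer and an explicit upper bound, and calling usage() on invalid input.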
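
Review bot: In debian/patches/30_tcpkill.diff, the ngrep.c hunk at @@ -353,6 +357,10 @@ calls `tcpkill_init()` with no arguments even though `dev` is already known at that point (it is passed to `pcap_lookupnet()` on the next lines), and tcpkill_init() in tcpkill.c picks its own interface with `pcap_lookupdev(ebuf)`. When the capture device is chosen with -d, the libnet context can therefore be initialized on a different interface from the one being captured. Suggest changing the prototype to take the device name and passing `dev` through.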
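
Review bot: In debian/patches/20_setlocale.diff, the hunk at @@ -195,6 +197,8 @@ adds `setlocale(LC_ALL, "");` although the patch description only asks for isprint() to follow the current locale. LC_ALL switches every locale category for the whole process, which is wider than the stated goal; `setlocale(LC_CTYPE, "")` would change character classification only and leave the other categories in the "C" locale. If LC_ALL is intended, the patch description should say why.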
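
Review bot: In debian/patches/10_debian-build.diff, the configure and configure.in hunks both hardcode `EXTRA_LIBS="$EXTRA_LIBS -lpcre"` with no check that the system library or its header is present, and the generated configure script is edited by hand alongside its configure.in source. A missing libpcre3-dev then shows up as a compile or link failure rather than a configure error, and the two files can drift apart on the next refresh. Suggest an AC_CHECK_LIB/AC_CHECK_HEADER test for pcre in configure.in and regenerating configure from it instead of patching both.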