%define _vararpwatch %{_localstatedir}/arpwatch Summary: A network traffic monitoring tool. Name: tcpdump Version: 3.4 %define tcpdump_dir tcpdump-3.4 Release: 39a # XXX epoch is necessary to obsolete tcpdump-3.4a5 Epoch: 5 Copyright: BSD Group: Applications/Internet Source0: ftp://ftp.ee.lbl.gov/tcpdump-3.4.tar.gz Source1: ftp://ftp.ee.lbl.gov/libpcap-0.4.tar.gz Source2: ftp://ftp.ee.lbl.gov/arpwatch-2.1a10.tar.gz Source3: arpwatch.init Source4: arpwatch-ethercodes.dat Patch0: tcpdump-3.4a5-man.patch # XXX patch1 not applied, already in the Kuznetsov patch. Reapply if not. Patch1: tcpdump-3.4a5-sack.patch Patch10: ftp://ftp.inr.ac.ru/ip-routing/lbl-tools/libpcap-0.4-ss991029.dif.gz Patch20: ftp://ftp.inr.ac.ru/ip-routing/lbl-tools/tcpdump-3.4-ss991030.dif.gz Patch21: tcpdump-3.4-glibc21.patch Patch22: tcpdump-3.4-sparc64.patch Patch23: tcpdump-3.4-iphl.patch Patch24: tcpdump-3.4-getproto.patch Patch25: tcpdump-3.4-manpage.patch Patch26: ftp://openrock.net/bridge/patches/tcpdump-3.1-802.1d.diff Patch27: tcpdump-3.4-bufovfl.patch Patch29: tcpdump-3.4-ethertype.patch Patch32: libpcap-sparc.patch Patch33: libpcap-0.4-fhs.patch Patch34: arpwatch-2.1a4-fhs.patch Patch36: libpcap-0.4-kern24.patch Patch38: arpwatch-2.1a10-bug19696.patch Patch39: libpcap-intf.patch Patch40: libpcap-intf2.patch Patch41: libpcap-0.4-eintr.patch Patch42: tcpdump-3.4-interfaces.patch Patch43: tcpdump-rootdrop.patch Patch44: tcpdump-3.4-glibc.patch Patch45: libpcap-0.4-s390.patch Prefix: %{_prefix} BuildRequires: kernel-headers >= 2.2.0 Requires: kernel >= 2.2.0 BuildRoot: %{_tmppath}/%{name}-root %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package -n libpcap Version: 0.4 %define libpcap_dir libpcap-0.4 Summary: A system-independent interface for user-level packet capture. Group: Development/Libraries Requires: kernel >= 2.2.0 %description -n libpcap Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application. Install libpcap if you need to do low-level network traffic monitoring on your network. %package -n arpwatch Version: 2.1a10 %define arpwatch_dir arpwatch-2.1a10 Summary: Network monitoring tools for tracking IP addresses on a network. Group: Applications/System Prereq: /sbin/chkconfig /etc/init.d /sbin/service %description -n arpwatch The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email. Install the arpwatch package if you need networking monitoring devices which will automatically keep track of the IP addresses on your network. %prep %setup -q -c -a 1 -a 2 cd %libpcap_dir %patch10 -p1 %ifarch sparc sparc64 %patch32 -p1 %endif %patch33 -p1 -b .fhs %patch36 -p1 -b .kern24 %patch39 -p1 -b .intf %patch40 -p1 -b .intf2 %patch41 -p1 -b .eintr cd .. cd %tcpdump_dir %patch0 -p2 # XXX patch1 not applied, already in the Kuznetsov patch. Reapply if not. #%patch1 -p2 %patch20 -p1 -b .tcpdump-ANK %patch21 -p1 -b .glibc21 # XXX this patch needed on sparc64 if SIOCGIFNAME is broke (kernel ~= 2.2.10) #%patch22 -p1 -b .sparc64 %patch23 -p1 -b .iphl %patch24 -p1 -b .getproto %patch25 -p1 -b .manpage %patch26 -p1 -b .stp %patch27 -p1 -b .bufovfl %patch29 -p1 -b .ethertype %patch42 -p1 -b .interfaces %patch43 -p1 -b .rootdrop cd .. cd %arpwatch_dir %patch34 -p1 -b .fhs %patch38 -p1 -b .bug19696 chmod u+w ethercodes.dat cp %SOURCE4 ethercodes.dat cd .. %patch44 -p1 -b .glibc %ifarch s390 s390x %patch45 -p1 -b .s390 %endif %build cd %libpcap_dir %configure DEFS="-fPIC -DHAVE_MALLOC_H=1 -DHAVE_STRERROR=1 -DHAVE_NET_IF_ARP_H=1" %ifarch alpha sparc sparc64 DEFS="$DEFS -DHAVE_ETHER_HOSTTON=1 -DLBL_ALIGN=1" %endif make DEFS="$DEFS" cd .. cd %tcpdump_dir %define optflags $RPM_OPT_FLAGS -DIP_MAX_MEMBERSHIPS=20 autoconf %configure %undefine optflags DEFS="-DHAVE_FCNTL_H=1 -DHAVE_MALLOC_H=1 -DHAVE_MEMORY_H=1 -DHAVE_RPC_RPCENT_H=1 -DTIME_WITH_SYS_TIME=1 -DHAVE_NET_SLIP_H=1 -DHAVE_VFPRINTF=1 -DHAVE_STRCASECMP=1 -DHAVE_SETLINEBUF=1 -DHAVE_LIBRPC=1 -DRETSIGTYPE=void -DRETSIGVAL= -DHAVE_SIGACTION=1 -DHAVE_FDDI" %ifarch alpha sparc sparc64 DEFS="$DEFS -DHAVE_ETHER_HOSTTON=1 -DLBL_ALIGN=1 -DHAVE_ETHER_NTOA=1" %endif %ifarch sparc sparc64 DEFS="$DEFS -DWORDS_BIGENDIAN" %endif make DEFS="$DEFS" cd .. cd %arpwatch_dir %configure make ARPDIR=%{_vararpwatch} cd .. %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,8} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} cd %libpcap_dir mkdir -p ${RPM_BUILD_ROOT}%{_includedir}/pcap/net make DESTDIR=${RPM_BUILD_ROOT} INCLDEST=%{_includedir}/pcap install install-incl install-man cd .. cd %tcpdump_dir install -m755 -s tcpdump ${RPM_BUILD_ROOT}%{_sbindir} install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8 cd .. cd %arpwatch_dir make DESTDIR=${RPM_BUILD_ROOT} install install-man mkdir -p ${RPM_BUILD_ROOT}%{_vararpwatch} for n in arp2ethers massagevendor; do install -m755 $n ${RPM_BUILD_ROOT}%{_vararpwatch} done for n in *.awk *.dat; do install -m644 $n ${RPM_BUILD_ROOT}%{_vararpwatch} done ( cd ${RPM_BUILD_ROOT} mkdir -p ./etc/rc.d/init.d install -c -m755 $RPM_SOURCE_DIR/arpwatch.init ./etc/rc.d/init.d/arpwatch mkdir -p ./etc/sysconfig cat >./etc/sysconfig/arpwatch </dev/null 2>&1 fi %preun -n arpwatch if [ $1 = 0 ]; then /sbin/service arpwatch stop > /dev/null 2>&1 /sbin/chkconfig --del arpwatch fi %files %defattr(-,root,root) %doc %tcpdump_dir/README %tcpdump_dir/CHANGES %{_sbindir}/tcpdump %{_mandir}/man8/tcpdump.8* %files -n libpcap %defattr(-,root,root) %doc %libpcap_dir/README %libpcap_dir/CHANGES %{_includedir}/pcap %{_libdir}/libpcap.a %{_mandir}/man3/pcap.3* %files -n arpwatch %defattr(-,root,root) %doc %arpwatch_dir/README %arpwatch_dir/CHANGES %{_sbindir}/arpwatch %{_sbindir}/arpsnmp %{_mandir}/man8/arpwatch.8* %{_mandir}/man8/arpsnmp.8* %config /etc/rc.d/init.d/arpwatch %config /etc/sysconfig/arpwatch %dir %{_vararpwatch} %config %{_vararpwatch}/arp.dat %config %{_vararpwatch}/ethercodes.dat %{_vararpwatch}/*.awk %{_vararpwatch}/arp2ethers %{_vararpwatch}/massagevendor %changelog * Tue Apr 10 2001 Oliver Paukstadt - ported to s390x (64 Bit) - added asm/types.h to libpcap * Wed Feb 14 2001 Harald Hoyer - glibc sys/time -> time include patch * Wed Feb 7 2001 Trond Eivind Glomsrød - Add space to this check * Wed Feb 07 2001 Harald Hoyer - added check for presence of /etc/sysconfig/arpwatch (#23172) * Fri Feb 2 2001 Trond Eivind Glomsrød - i18nize initscript * Mon Jan 29 2001 Harald Hoyer - fixed EINTR stopping for e.g. SIGSTOP. (#22008) - added -u option for tcpdump (#20231) - new arpwatch version (#23172) - added "all" and "one" interface for -i (#20907) - added arpwatch sysconfig (#23172) * Mon Jan 22 2001 Harald Hoyer - more (potential) overflows in libpcap. #21373 - documentation fix for #20906 * Sun Nov 26 2000 Jeff Johnson - more (potential) overflows in libpcap. * Sun Nov 12 2000 Jeff Johnson - eliminate still more buffer overflows (from FreeBSD) (#20069). * Thu Nov 2 2000 Jeff Johnson - eliminate more buffer overflows (from FreeBSD) (#20069). - 802.1q ether type incorrect (#19850). - add -u flag to drop arpwatch privs (#19696). * Sun Oct 15 2000 Jeff Johnson - updated ethercodes.dat * Thu Oct 12 2000 Jeff Johnson - fix arpwatch tmp race (#18943). * Fri Aug 11 2000 Bill Nottingham - fix condrestart * Fri Aug 11 2000 Jeff Johnson - correct arpsnmp man pages (#15442). - don't print harmless ENOPROTOOPT message (#13518). * Fri Aug 4 2000 Jeff Johnson - rebuild with final kernel headers (#13518). * Sat Jul 22 2000 Jeff Johnson - add STP patch (#14112). * Fri Jul 14 2000 Matt Wilson - source /etc/init.d/functions - back out /etc/init.d/arpwatch, place file in /etc/rc.d - move initscript to /etc/init.d - changed initscript to use start() and stop() functions - added condrestart to init script - added %%post %%preun %%postun scripts to register arpwatch script - added Prereq: for all things needed in post/preun/postun * Wed Jul 12 2000 Prospector - automatic rebuild * Tue Jul 11 2000 Jeff Johnson - updated man page and help (pekkas@netcore.fi) (#10739 et al). * Sun Jun 18 2000 Jeff Johnson - FHS packaging. * Tue May 9 2000 Bill Nottingham - minor tweaks for ia64 (prototypes) * Thu Feb 17 2000 Bernhard Rosenkraenzer - Compile shared libpcap with -fPIC (Bug #6342) * Wed Feb 02 2000 Cristian Gafton - fix descriptions - man pages are compressed * Wed Dec 22 1999 Jeff Johnson - remove sparc64 SIOCGIFNAME hack, not needed with (at least) kernel 2.2.12-40. - upgrade to ANK ss991030 snapshot with pcap magic fix (#6773). - add getprotobyname lookup (#6725). - getservbyname port lookup appears functional (#7569). - remove uid 2090 backdoor (sorry Dave) (#7116). * Thu Sep 09 1999 Cristian Gafton - fox the pcap.h header * Fri Aug 20 1999 Jeff Johnson - prevent segfault on obscure spoofed ip header (#4634). * Wed Aug 18 1999 Jeff Johnson - add defattr to arpwatch (#4591). * Mon Aug 16 1999 Bill Nottingham - initscript munging * Sun Aug 8 1999 Jeff Johnson - add -DWORDS_BIGINDIAN to tcpdump compile on sparc sparc61. * Tue Aug 3 1999 Jeff Johnson - include A. Kuznetsov's patches to libpcap/tcpdump. - added arpsnmp to package (#3258). - arp2ethers written for different of awk (#4326). * Sun Mar 21 1999 Cristian Gafton - auto rebuild in the new build environment (release 10) * Fri Mar 19 1999 Jeff Johnson - strip binaries. * Wed Jan 13 1999 Bill Nottingham - autoconf fixes for arm * Tue Sep 29 1998 Jeff Johnson - libpcap description typo. * Sat Sep 19 1998 Jeff Johnson - fix arpwatch summary line. * Mon Aug 17 1998 Jeff Johnson - enable arpwatch * Mon Aug 3 1998 Jeff Johnson - separate package for libpcap. - update tcpdump to 3.4, libpcap to 0.4. - added arpwatch (but disabled for now) * Thu May 07 1998 Prospector System - translations modified for de, fr, tr * Sat May 2 1998 Alan Cox - Added the SACK printing fix so you can dump Linux 2.1+. * Tue Oct 21 1997 Erik Troan - updated to release 3.4a5 - uses a buildroot and %attr * Thu Jul 17 1997 Erik Troan - built against glibc