authorV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
committerV3n3RiX <venerix@redcorelinux.org>2017-10-09 18:53:29 +0100
commit4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch)
treeba5f07bf3f9d22d82e54a462313f5d244036c768 /net-analyzer/sancp/files
reinit the tree, so we can have metadata
Diffstat (limited to 'net-analyzer/sancp/files')
-rw-r--r--net-analyzer/sancp/files/sancp-1.6.1-compiler.patch45
-rw-r--r--net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch26
-rw-r--r--net-analyzer/sancp/files/sancp.confd15
-rw-r--r--net-analyzer/sancp/files/sancp.rc142
-rw-r--r--net-analyzer/sancp/files/sguil_sancp.conf69
5 files changed, 197 insertions, 0 deletions
diff --git a/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch b/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch
new file mode 100644
index 000000000000..d7816cbdd5de
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp-1.6.1-compiler.patch
@@ -0,0 +1,45 @@
+--- a/Makefile 2004-01-19 23:04:56.000000000 +0100
++++ b/Makefile 2010-09-15 02:02:26.000000000 +0200
+@@ -1,26 +1,26 @@
+
+ # !!! Uncomment this CFLAGS for a small binary !!!
+-CFLAGS = -O3 -s -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
++CFLAGS += -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
+
+ # !!! or uncomment this CFLAGS for a large binary with symbols; use for debugging !!!
+ #CFLAGS = -O0 -g -I/usr/include/pcap -L/usr/lib/libpcap.so.0.6.2
+
+ final : sancp.cc Makefile
+- if [ ! -f build_acl.o -o build_acl.cc -nt build_acl.o ]; then g++ -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o; fi
+- if [ ! -f misc_functs.o -o misc_functs.cc -nt misc_functs.o ]; then g++ -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o; fi
+- if [ ! -f outputFileHandle.o -o outputFileHandle.cc -nt outputFileHandle.o ]; then g++ -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o; fi
+- if [ ! -f apply_rule.o -o apply_rule.cc -nt apply_rule.o ]; then g++ -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o; fi
+- if [ ! -f decode.o -o decode.cc -nt decode.o ]; then g++ -Wall $(CFLAGS) -c decode.cc -o decode.o; fi
+- if [ ! -f fileHandle.o -o fileHandle.cc -nt fileHandle.o ]; then g++ -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o; fi
+- if [ ! -f MemoryPool.o -o MemoryPool.cc -nt MemoryPool.o ]; then g++ -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o; fi
+- if [ ! -f pcapFileHandle.o -o pcapFileHandle.cc -nt pcapFileHandle.o ]; then g++ -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o; fi
+- if [ ! -f sancp.o -o sancp.cc -nt sancp.o ]; then g++ -Wall $(CFLAGS) -c sancp.cc -o sancp.o; fi
+- if [ ! -f pcap_functions.o -o pcap_functions.c -nt pcap_functions.o ]; then gcc -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o; fi
+- if [ ! -f help.o -o help.cc -nt help.o ]; then g++ -Wall $(CFLAGS) -c help.cc -o help.o ; fi
+- if [ ! -f permissions.o -o permissions.cc -nt permissions.o ]; then g++ -Wall $(CFLAGS) -c permissions.cc -o permissions.o ; fi
+- if [ ! -f check_packet.o -o check_packet.cc -nt check_packet.o ]; then g++ -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o; fi
+- if [ ! -f statefull_logging.o -o statefull_logging.cc -nt statefull_logging.o ]; then g++ -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o ; fi
+- g++ -Wall $(CFLAGS) -o sancp sancp.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o help.o permissions.o outputFileHandle.o -lpcap
++ if [ ! -f build_acl.o -o build_acl.cc -nt build_acl.o ]; then $(CXX) -Wall $(CFLAGS) -c build_acl.cc -o build_acl.o; fi
++ if [ ! -f misc_functs.o -o misc_functs.cc -nt misc_functs.o ]; then $(CXX) -Wall $(CFLAGS) -c misc_functs.cc -o misc_functs.o; fi
++ if [ ! -f outputFileHandle.o -o outputFileHandle.cc -nt outputFileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c outputFileHandle.cc -o outputFileHandle.o; fi
++ if [ ! -f apply_rule.o -o apply_rule.cc -nt apply_rule.o ]; then $(CXX) -Wall $(CFLAGS) -c apply_rule.cc -o apply_rule.o; fi
++ if [ ! -f decode.o -o decode.cc -nt decode.o ]; then $(CXX) -Wall $(CFLAGS) -c decode.cc -o decode.o; fi
++ if [ ! -f fileHandle.o -o fileHandle.cc -nt fileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c fileHandle.cc -o fileHandle.o; fi
++ if [ ! -f MemoryPool.o -o MemoryPool.cc -nt MemoryPool.o ]; then $(CXX) -Wall $(CFLAGS) -c MemoryPool.cc -o MemoryPool.o; fi
++ if [ ! -f pcapFileHandle.o -o pcapFileHandle.cc -nt pcapFileHandle.o ]; then $(CXX) -Wall $(CFLAGS) -c pcapFileHandle.cc -o pcapFileHandle.o; fi
++ if [ ! -f sancp.o -o sancp.cc -nt sancp.o ]; then $(CXX) -Wall $(CFLAGS) -c sancp.cc -o sancp.o; fi
++ if [ ! -f pcap_functions.o -o pcap_functions.c -nt pcap_functions.o ]; then $(CC) -Wall $(CFLAGS) -c pcap_functions.c -o pcap_functions.o; fi
++ if [ ! -f help.o -o help.cc -nt help.o ]; then $(CXX) -Wall $(CFLAGS) -c help.cc -o help.o ; fi
++ if [ ! -f permissions.o -o permissions.cc -nt permissions.o ]; then $(CXX) -Wall $(CFLAGS) -c permissions.cc -o permissions.o ; fi
++ if [ ! -f check_packet.o -o check_packet.cc -nt check_packet.o ]; then $(CXX) -Wall $(CFLAGS) -c check_packet.cc -o check_packet.o; fi
++ if [ ! -f statefull_logging.o -o statefull_logging.cc -nt statefull_logging.o ]; then $(CXX) -Wall $(CFLAGS) -c statefull_logging.cc -o statefull_logging.o ; fi
++ $(CXX) -Wall $(CFLAGS) $(LDFLAGS) -o sancp sancp.o misc_functs.o check_packet.o statefull_logging.o build_acl.o apply_rule.o decode.o pcap_functions.o pcapFileHandle.o fileHandle.o MemoryPool.o help.o permissions.o outputFileHandle.o -lpcap
+
+ clean :
+ rm -f *.o sancp
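Review bot: The new `$(CXX)` lines still pass `$(CFLAGS)` to every C++ compile, so a user's `CXXFLAGS` are never honoured and the single `$(CC)` line for `pcap_functions.c` shares one flag set with thirteen `.cc` files; change those lines to the form `$(CXX) -Wall $(CXXFLAGS) -c build_acl.cc -o build_acl.o` and keep `$(CFLAGS)` only on the `$(CC)` line, with `$(LDFLAGS)` on the final link as the hunk already does. The retained `-L/usr/lib/libpcap.so.0.6.2` names a file where `-L` expects a directory, so it cannot help the link, and `-lpcap` on the link line already resolves the library; `CFLAGS += -I/usr/include/pcap` (or the output of `pcap-config --cflags`, where available) is all that line needs to carry. The patch file has no header explaining its purpose; a line such as `Respect CC/CXX/CFLAGS/LDFLAGS from the environment instead of hard-coding g++, -O3 and -s` above the first `---` would let a maintainer judge when it can be dropped.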
diff --git a/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch b/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch
new file mode 100644
index 000000000000..e56d7114468e
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp-1.6.1-gcc6.patch
@@ -0,0 +1,26 @@
+--- a/pcapFileHandle.h
++++ b/pcapFileHandle.h
+@@ -16,7 +16,12 @@
+
+ #define PCAP_HEADER_SIZE 24
+
+-const char pcap_header[] = { 0xd4,0xc3,0xb2,0xa1,0x02,0x00,0x04,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x20,0x4e,0x00,0x00,0x01,0x00,0x00,0x00 };
++const char pcap_header[] = {
++ (char) 0xd4,(char) 0xc3,(char) 0xb2,(char) 0xa1,(char) 0x02,(char) 0x00,
++ (char) 0x04,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,
++ (char) 0x00,(char) 0x00,(char) 0x00,(char) 0x00,(char) 0x20,(char) 0x4e,
++ (char) 0x00,(char) 0x00,(char) 0x01,(char) 0x00,(char) 0x00,(char) 0x00
++};
+
+ class pcapFileHandle : public fileHandle {
+
+--- a/sancp.h
++++ b/sancp.h
+@@ -223,7 +223,6 @@
+ #define R_URG 0x20
+ #define R_RES2 0x40
+ #define R_RES1 0x80
+-#define max(i,j) (((i)>(j)) ? (i) : (j))
+ #define SIZE_OF_CLASS_C 11
+
+ struct t_ports {
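Review bot: Neither hunk of this patch says why it is needed, and the `sancp.h` removal of `#define max(i,j)` is not obviously a GCC 6 issue from the diff alone; a short header above the first `---`, for example `GCC 6 rejects the narrowing of 0xd4 etc. to char in a brace initialiser; the max() macro is dropped because it presumably collides with std::max from the newer libstdc++ headers (confirm against the build log)`, would let the next maintainer judge when the patch can be retired. The same missing description applies to sancp-1.6.1-compiler.patch in this commit. The `(char)` casts are the safer minimal fix: declaring `const unsigned char pcap_header[]` would avoid both the casts and the implementation-defined signed values, but it changes the array's type for every reader of it elsewhere in the code, which the diff does not show.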
diff --git a/net-analyzer/sancp/files/sancp.confd b/net-analyzer/sancp/files/sancp.confd
new file mode 100644
index 000000000000..31cbef82ec1b
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp.confd
@@ -0,0 +1,15 @@
+# Config file for /etc/init.d/sancp
+# Copyright 1999-2012 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Interface to listen on
+IFACE="eth0"
+
+# Directory to log in
+LOGDIR="/var/log/sancp"
+
+# Default config file
+CONF="/etc/sancp/sancp.conf"
+
+# You could add more options :)
+SANCP_OPTS="-d $LOGDIR/today -i $IFACE -c $CONF -u sancp -g sancp"
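Review bot: `SANCP_OPTS` points sancp at `$LOGDIR/today`, a symlink that only exists because the init script creates it at start, but nothing in this file says so; a comment such as `# The init script creates $LOGDIR/<YYYY-MM-DD> at start and points $LOGDIR/today at it` above `LOGDIR` would make that coupling visible. `CONF` is similarly only consumed here — the init script's `checkconfig` tests a hard-coded `/etc/sancp/sancp.conf` — so changing it in this file silently bypasses that check; either note that next to `CONF` or have the script test `$CONF`.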
diff --git a/net-analyzer/sancp/files/sancp.rc1 b/net-analyzer/sancp/files/sancp.rc1
new file mode 100644
index 000000000000..07745f675676
--- /dev/null
+++ b/net-analyzer/sancp/files/sancp.rc1
@@ -0,0 +1,42 @@
+#!/sbin/openrc-run
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+today=$(date '+%Y-%m-%d')
+
+depend() {
+ need net
+}
+checkconfig() {
+ if [ ! -e /etc/sancp/sancp.conf ] ; then
+ eerror "You need an /etc/sancp/sancp.conf to run sancp"
+ return 1
+ fi
+}
+
+start() {
+ checkconfig || return 1
+
+ # Today's log directory
+ if [ ! -d $LOGDIR/$today ]; then
+ /bin/mkdir $LOGDIR/$today
+ /bin/rm -f $LOGDIR/today
+ fi
+
+ # today/ directory :)
+ if [ ! -d $LOGDIR/today ]; then
+ /bin/ln -s $LOGDIR/$today $LOGDIR/today
+ fi
+
+ ebegin "Starting sancp"
+ start-stop-daemon --start --quiet -m --pidfile /var/run/sancp.pid \
+ --exec /usr/bin/sancp \
+ -- ${SANCP_OPTS} > /var/log/sancp.log 2>&1 &
+ eend $?
+}
+
+stop() {
+ ebegin "Stopping sancp"
+ start-stop-daemon --stop --quiet --pidfile /var/run/sancp.pid
+ eend $?
+}
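Review bot: In `start()`, the trailing `&` on the `start-stop-daemon` line backgrounds the whole command in the shell, so `eend $?` only sees the status of the backgrounding (always 0) and a daemon that fails to start is still reported as started; drop the `&` and let start-stop-daemon daemonise with `--background`, routing output through its `--stdout`/`--stderr` options instead of the shell redirection. The log-directory code runs `/bin/mkdir $LOGDIR/$today` unquoted and unchecked, so an unset `LOGDIR` creates a dated directory under `/` and a failed mkdir still proceeds to `ln -s`; `checkpath -d` with its result checked is the OpenRC idiom. Because `SANCP_OPTS` runs the daemon as user `sancp`, the directory created here by root presumably needs to be owned by that user — confirm against how sancp opens its output files. `checkconfig()` also tests a hard-coded path rather than the `CONF` value from the conf.d file, so `if [ ! -e "${CONF:-/etc/sancp/sancp.conf}" ] ; then` keeps the two in step.
```shell
start() {
	checkconfig || return 1

	# Per-day log directory; ownership follows the -u/-g user given in SANCP_OPTS
	checkpath -d -o sancp:sancp "${LOGDIR}/${today}" || return 1
	if [ "$(readlink "${LOGDIR}/today")" != "${LOGDIR}/${today}" ]; then
		rm -f "${LOGDIR}/today"
		ln -s "${LOGDIR}/${today}" "${LOGDIR}/today"
	fi

	ebegin "Starting sancp"
	start-stop-daemon --start --quiet --background --make-pidfile \
		--pidfile /var/run/sancp.pid \
		--stdout /var/log/sancp.log --stderr /var/log/sancp.log \
		--exec /usr/bin/sancp -- ${SANCP_OPTS}
	eend $?
}
```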
diff --git a/net-analyzer/sancp/files/sguil_sancp.conf b/net-analyzer/sancp/files/sguil_sancp.conf
new file mode 100644
index 000000000000..f559286e7bb3
--- /dev/null
+++ b/net-analyzer/sancp/files/sguil_sancp.conf
@@ -0,0 +1,69 @@
+# $Id: sancp.conf,v 1.1 2004/03/19 20:33:59 bamm Exp $ #
+#
+# This sancp.conf is distributed as part of sguil (http://sguil.sf.net).
+# It's purpose is to define a default output that is compatible with table
+# schema defined by sguil. Please read the README.sancp for more information
+#
+# sancp is copyrighted by John Curry and can be downloaded at:
+# www.metre.net/sancp.html
+#
+
+# SANCP VERSION 1.5.3
+
+# Currently, sguil only supports the 'stats' output and we want it in
+# timestamped fields
+default stats tsfilename stats
+
+# Time in seconds we write a new file if expired cnxs are available
+default flush_interval=30
+# This tells sancp to open new file handle, write, and close in one step
+default burst_mode=enable
+
+# Default timeout: how many secs to wait after the last packet till we consider the cnx closed
+default timeout=120
+
+# Conforms with out sguil sancp table schema
+format stats sancp_id,start_time_gmt,stop_time_gmt,duration,ip_proto,src_ip_decimal,src_port,dst_ip_decimal,dst_port,src_pkts,src_bytes,dst_pkts,dst_bytes,sflags,dflags
+
+# From here on you define what stats/cnxs/sessions/flows (whatever you
+# want to call it) get logged. Please read the sancp documention for
+# more information. Most of the below are examples of setting
+# variables for complex rules.
+
+var ip 8 # ether proto 0x0800 # ip traffic
+
+# define some ip protocols
+
+var icmp 1
+var tcp 6
+var udp 17
+
+# define some tcp protocols
+
+var http 80
+var https 443
+var smtp 25
+var dns 53
+
+var HOME_NET 127.0.0.1
+#var WWW_NET 192.168.1.0/24
+#var MAIL_SERVER 192.168.1.2
+#var MAIL_SERVER2 192.168.1.3
+
+
+# Default output logging for each connection
+# We don't use realtime or pcap logging at this point so we pass them
+default realtime=pass
+default pcap=pass
+
+# Here is where our "rules" start. We log all stats by default
+# so this is defining exceptions.
+#
+# first six fields are required before rule options can be used
+#
+# eth_proto src_ip dst_ip ip_proto src_port dst_port
+#
+
+# Here is an example if ignoring outbound HTTP stats.
+#ip HOME_NET any tcp any http, stats pass
+#ip HOME_NET any tcp any https, stats pass
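Review bot: The header comment `# SANCP VERSION 1.5.3` is stale for a file shipped with sancp 1.6.1, and the text appears to be taken unchanged from sguil's 2004 copy (`$Id: sancp.conf,v 1.1 2004/03/19`); either update the version line or state that the file is carried verbatim from sguil, so a reader knows whether the options were checked against 1.6.1. The comments also carry small errors a drop-in config should not (`It's purpose` → `Its purpose`, `Conforms with out sguil` → `Conforms with our sguil`, `documention` → `documentation`). `var HOME_NET 127.0.0.1` is a placeholder; a comment saying it must be set to the monitored network before the commented-out example rules are enabled would help.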