
(-)doorman-0.81/Makefile (-33 / +6 lines)
Lines 6-13 Link Here
6
#
6
#
7
7
8
PORTNAME=	doorman
8
PORTNAME=	doorman
9
PORTVERSION=	0.8
9
PORTVERSION=	0.81
10
PORTREVISION=	1
11
CATEGORIES=	security
10
CATEGORIES=	security
12
MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
11
MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
13
MASTER_SITE_SUBDIR=	doorman
12
MASTER_SITE_SUBDIR=	doorman
Lines 19-52 Link Here
19
BUILD_DEPENDS=	lsof:${PORTSDIR}/sysutils/lsof
18
BUILD_DEPENDS=	lsof:${PORTSDIR}/sysutils/lsof
20
RUN_DEPENDS=	${BUILD_DEPENDS}
19
RUN_DEPENDS=	${BUILD_DEPENDS}
21
20
22
PKGMESSAGE=	${WRKDIR}/pkg-message
23
PATCH_STRIP=	-p1
24
25
# Default to db4
26
WITH_BDB_VER?=	4
27
28
.include <bsd.port.pre.mk>
21
.include <bsd.port.pre.mk>
29
22
30
.if ${WITH_BDB_VER} == 2
31
LIB_DEPENDS=	db2.0:${PORTSDIR}/databases/db2
32
.elif ${WITH_BDB_VER} == 3
33
LIB_DEPENDS=	db3.3:${PORTSDIR}/databases/db3
34
.elif ${WITH_BDB_VER} == 4
35
LIB_DEPENDS=	db4.0:${PORTSDIR}/databases/db4
36
.elif ${WITH_BDB_VER} == 41
37
LIB_DEPENDS=	db41.1:${PORTSDIR}/databases/db41
38
.elif ${WITH_BDB_VER} == 42
39
LIB_DEPENDS=	db-4.2.2:${PORTSDIR}/databases/db42
40
.else
41
.error WITH_BDB_VER must be one between 2, 3, 4, 41 and 42
42
.endif
43
44
# doormand does not work with the FreeBSD 4.x version of libpcap.
23
# doormand does not work with the FreeBSD 4.x version of libpcap.
45
# Require the ports version.
24
# Require the ports version.
46
.if ${OSVERSION} < 500000
25
.if ${OSVERSION} < 500000
47
BUILD_DEPENDS+=	${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
26
BUILD_DEPENDS+=	${LOCALBASE}/lib/libpcap.a:${PORTSDIR}/net/libpcap
48
.endif
27
.endif
49
28
29
PKGMESSAGE=	${WRKDIR}/pkg-message
30
PATCH_STRIP=	-p1
31
50
INSTALL_TARGET=	installdirs install-exec install-data
32
INSTALL_TARGET=	installdirs install-exec install-data
51
33
52
MAN1=	knock.1
34
MAN1=	knock.1
Lines 54-77 Link Here
54
MAN8=	doormand.8
36
MAN8=	doormand.8
55
37
56
GNU_CONFIGURE=	yes
38
GNU_CONFIGURE=	yes
57
SUB_FILES=	pkg-message
39
SUB_FILES=	pkg-message doormand.cf.EXAMPLE
58
USE_RC_SUBR=	doorman.sh
40
USE_RC_SUBR=	doorman.sh
59
41
60
pre-everything::
61
	@${ECHO_MSG}
62
	@${ECHO_MSG} " This port currently requires BerkeleyDB, has only been tested with the "
63
	@${ECHO_MSG} " db4.x releases, and builds with db4 by default.  If you wish to use a "
64
	@${ECHO_MSG} " specific version please use the WITH_BDB_VER=x argument using the "
65
	@${ECHO_MSG} " values 2, 3, 4, 41, or 42. "
66
	@${ECHO_MSG}
67
	@${ECHO_MSG} " CURRENTLY BUILDING WITH db${WITH_BDB_VER} "
68
	@${ECHO_MSG}
69
70
post-install:
42
post-install:
71
	${RM} -f ${PREFIX}/etc/doormand/ipf_add
43
	${RM} -f ${PREFIX}/etc/doormand/ipf_add
72
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.atend ${PREFIX}/etc/doormand/ipf_add.atend
44
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.atend ${PREFIX}/etc/doormand/ipf_add.atend
73
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.before_block ${PREFIX}/etc/doormand/ipf_add.before_block
45
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_add.before_block ${PREFIX}/etc/doormand/ipf_add.before_block
74
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_delete ${PREFIX}/etc/doormand/ipf_delete
46
	${INSTALL_SCRIPT} ${FILESDIR}/ipf_delete ${PREFIX}/etc/doormand/ipf_delete
47
	${INSTALL_DATA} ${WRKDIR}/doormand.cf.EXAMPLE ${PREFIX}/etc/doormand/doormand.cf.EXAMPLE
75
	@for man in ${MAN1}; do \
48
	@for man in ${MAN1}; do \
76
		${INSTALL_MAN} -C ${WRKSRC}/$$man ${PREFIX}/man/man1; \
49
		${INSTALL_MAN} -C ${WRKSRC}/$$man ${PREFIX}/man/man1; \
77
	done
50
	done
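Review bot: `PATCH_STRIP=	-p1` is carried over to the new side (it only moves below `.include <bsd.port.pre.mk>`), but the patch files this change adds name their targets without a leading directory: `+++ Makefile.in`, `+++ configure`, `+++ configure.ac`, `+++ doormand.c`. There is no path component left for `-p1` to strip, and how patch(1) treats that case depends on the implementation, so the port relies on lenient behaviour. Since the new patches are already relative to the work source directory, I would drop the `PATCH_STRIP` line so the default strip level applies. The `--- doorman-0.81/doormand.c` header in patch-doormand.c should then be made consistent with the other patch headers.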
(-)doorman-0.81/distinfo (-2 / +2 lines)
Lines 1-2 Link Here
1
MD5 (doorman-0.8.tgz) = 44a495d06bf81ac9a824380612035672
1
MD5 (doorman-0.81.tgz) = f0f30132a541122fa46f4d6d321260d9
2
SIZE (doorman-0.8.tgz) = 139950
2
SIZE (doorman-0.81.tgz) = 140643
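--- a/doorman-0.81/files/doormand.cf.EXAMPLE.in
+++ b/doorman-0.81/files/doormand.cf.EXAMPLE.in
@@ -0,0 +1,18 @@
+#
+#  'doormand.cf'
+#  Sample configuration file for the Doorman Daemon, "doormand".
+#
+#
+interface           tun0
+port                1033
+waitfor             10
+connection_delay_1  100000  # 1/10th second (delay is in microseconds)
+connection_delay_2  2
+logfile             /var/log/doorman
+loglevel            debug
+pidfile             /var/run/doormand.pid
+guestlist           %%PREFIX%%/etc/doormand/guestlist
+firewall-add        %%PREFIX%%/etc/doormand/ipf_add.before_block
+firewall-del        %%PREFIX%%/etc/doormand/ipf_delete
+hash-archive        /var/run/doormand.hash-archive
+hash-archive-size   100000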
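Review bot: The sample sets `interface tun0` and `loglevel debug`, and an administrator who copies this file to doormand.cf inherits both. `tun0` looks like a value from one particular machine rather than a general default, and debug-level logging to /var/log/doorman is more verbose than a long-running access-control daemon normally needs. I would ship a less verbose level (check the accepted values in doormand.cf(5)) and mark the interface line as site-specific, e.g. `# interface: change to the interface doormand should watch`. Only `connection_delay_1` states its unit; `connection_delay_2`, `waitfor` and `hash-archive-size` would benefit from the same one-line comment.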
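--- a/doorman-0.81/files/patch-Makefile.in
+++ b/doorman-0.81/files/patch-Makefile.in
@@ -0,0 +1,20 @@
+--- Makefile.in.orig	Sun Jul 25 20:35:35 2004
++++ Makefile.in	Sun Oct 30 15:57:06 2005
+@@ -197,8 +197,7 @@
+ man5_MANS = knockcf.5 doormand.cf.5 guestlist.5
+ man8_MANS = doormand.8
+ cfgdir = $(sysconfdir)/doormand
+-cfg_DATA = doormand.cf.EXAMPLE\
+-	   guestlist.EXAMPLE\
++cfg_DATA = guestlist.EXAMPLE\
+ 	   iptables_add iptables_delete\
+ 	   ipchains_add ipchains_delete\
+ 	   ipf_add ipf_delete\
+@@ -864,7 +863,6 @@
+ 	chmod 744 $(DESTDIR)$(cfgdir)/pfctl_add
+ 	chmod 744 $(DESTDIR)$(cfgdir)/pfctl_delete
+ 	chmod 600 $(DESTDIR)$(cfgdir)/guestlist.EXAMPLE
+-	chmod 644 $(DESTDIR)$(cfgdir)/doormand.cf.EXAMPLE
+ # Tell versions [3.59,3.63) of GNU make to not export all variables.
+ # Otherwise a system limit (for SysV at least) may be exceeded.
+ .NOEXPORT: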
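--- a/doorman-0.81/files/patch-configure
+++ b/doorman-0.81/files/patch-configure
@@ -0,0 +1,11 @@
+--- configure.orig	Mon Sep  5 17:07:45 2005
++++ configure	Sun Oct 30 14:52:28 2005
+@@ -4893,7 +4893,7 @@
+ echo "${ECHO_T}no" >&6
+ fi
+ 
+-if test "$LSOF" == "no"; then
++if test "$LSOF" = "no"; then
+     echo -e "\a"
+     echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
+     echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"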
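--- a/doorman-0.81/files/patch-configure.ac
+++ b/doorman-0.81/files/patch-configure.ac
@@ -0,0 +1,11 @@
+--- configure.ac.orig	Sun Aug  7 16:26:03 2005
++++ configure.ac	Sun Oct 30 14:53:03 2005
+@@ -22,7 +22,7 @@
+ 
+ AC_PATH_PROG([LSOF], [lsof], [no],
+              [/bin:/usr/bin:/usr/local/bin:/sbin:/usr/sbin:/usr/local/sbin])
+-if test "$LSOF" == "no"; then
++if test "$LSOF" = "no"; then
+     echo -e "\a"
+     echo "*** Utility 'lsof' is missing; doormand cannot function properly without it."
+     echo "*** (Get lsof at: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof.tar.gz)"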
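Review bot: Patching `configure.ac` in addition to the generated `configure` will probably leave `configure.ac` with a modification time at least as new as `configure`, assuming the patch files are applied in name order. The `Makefile.in` touched by patch-Makefile.in looks automake-generated (`cfg_DATA`, `man5_MANS`, `.NOEXPORT:`), and such makefiles usually carry rules that re-run autoconf/automake when `configure.ac` is newer than its outputs. The port Makefile declares no autotools dependency, so the build could then fail or regenerate `configure` outside the port's control. The port only runs the shipped script (`GNU_CONFIGURE=	yes`), so patch-configure alone carries the `==` to `=` fix; I would drop patch-configure.ac from the port and send that change upstream instead.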
(-)doorman-0.81/files/patch-doormand.c (-165 / +167 lines)
Lines 1-165 Link Here
1
--- doorman-0.8.orig/doormand.c	Thu Jul 29 21:24:02 2004
1
--- doorman-0.81/doormand.c	2005-10-30 14:00:27.000000000 +0100
2
+++ doorman-0.8/doormand.c	Sun May 29 09:05:31 2005
2
+++ doormand.c	2005-10-30 14:05:18.000000000 +0100
3
@@ -397,7 +397,11 @@
3
@@ -387,7 +387,11 @@
4
     int datalink_header_lengths[] = {
4
     int datalink_header_lengths[] = {
5
     //    hdr len      code      data link type
5
     //    hdr len      code      data link type
6
     //    -------      --- ---------------------------
6
     //    -------      --- ---------------------------
7
+#ifdef __FreeBSD__
7
+#ifdef __FreeBSD__
8
+             4,    //   0  no link-layer encapsulation
8
+             4,    //   0  no link-layer encapsulation
9
+#else
9
+#else
10
              0,    //   0  no link-layer encapsulation
10
              0,    //   0  no link-layer encapsulation
11
+#endif
11
+#endif
12
             14,    //   1  Ethernet (10Mb)
12
             14,    //   1  Ethernet (10Mb)
13
             -1,    //   2  Experimental Ethernet (3Mb)
13
             -1,    //   2  Experimental Ethernet (3Mb)
14
             -1,    //   3  Amateur Radio AX.25
14
             -1,    //   3  Amateur Radio AX.25
15
@@ -557,6 +561,14 @@
15
@@ -614,6 +618,14 @@
16
 // more readable.
16
 // more readable.
17
 //
17
 //
18
 
18
 
19
+/*
19
+/*
20
+// lsof on FreeBSD produces one more field.
20
+// lsof on FreeBSD produces one more field.
21
+// This should be rewritten to use a regular expression, anyway.
21
+// This should be rewritten to use a regular expression, anyway.
22
+//
22
+//
23
+// And who said using C++ style comments in C was good for portability?!?
23
+// And who said using C++ style comments in C was good for portability?!?
24
+*/
24
+*/
25
+
25
+
26
+#ifdef __FreeBSD__
26
+#ifdef __FreeBSD__
27
 #define LSOF()\
27
 #define LSOF()\
28
 sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
28
 sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
29
 \
29
 \
30
@@ -578,6 +590,7 @@
30
@@ -635,6 +647,7 @@
31
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
31
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
32
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
32
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
33
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
33
     if ((p1 = token (&p2, " ")) == NULL) continue ;\
34
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
34
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
35
     if ((p1 = token (&p2, " :")) == NULL) continue ;\
35
     if ((p1 = token (&p2, " :")) == NULL) continue ;\
36
     local_ip = inet_addr(p1) ;\
36
     local_ip = inet_addr(p1) ;\
37
     if ((p1 = token (&p2, "-")) == NULL) continue ;\
37
     if ((p1 = token (&p2, "-")) == NULL) continue ;\
38
@@ -602,7 +615,53 @@
38
@@ -659,7 +672,53 @@
39
     }\
39
     }\
40
 }\
40
 }\
41
 pclose(f) ;
41
 pclose(f) ;
42
-
42
-
43
+#else
43
+#else
44
+#define LSOF()\
44
+#define LSOF()\
45
+sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
45
+sprintf (cmd, "lsof -Pn -iTCP@%s:%s", interface_ip_str, dport_string) ;\
46
+\
46
+\
47
+f = popen (cmd, "r") ;\
47
+f = popen (cmd, "r") ;\
48
+if (f == NULL) {\
48
+if (f == NULL) {\
49
+    croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
49
+    croak (errno, "Can't execute '%s'; exiting.", cmd) ;\
50
+}\
50
+}\
51
+\
51
+\
52
+fgets(buffer, 254, f) ;   /* throw away the first line. */ \
52
+fgets(buffer, 254, f) ;   /* throw away the first line. */ \
53
+while (fgets(buffer, 254, f)) {\
53
+while (fgets(buffer, 254, f)) {\
54
+    p2 = buffer ;\
54
+    p2 = buffer ;\
55
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
55
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
56
+    dname = p1 ;\
56
+    dname = p1 ;\
57
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
57
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
58
+    pid = p1 ;\
58
+    pid = p1 ;\
59
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
59
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
60
+    uname = p1 ;\
60
+    uname = p1 ;\
61
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
61
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
62
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
62
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
63
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
63
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
64
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
64
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
65
+    if ((p1 = token (&p2, " :")) == NULL) continue ;\
65
+    if ((p1 = token (&p2, " :")) == NULL) continue ;\
66
+    local_ip = inet_addr(p1) ;\
66
+    local_ip = inet_addr(p1) ;\
67
+    if ((p1 = token (&p2, "-")) == NULL) continue ;\
67
+    if ((p1 = token (&p2, "-")) == NULL) continue ;\
68
+    local_port = atoi(p1) ;\
68
+    local_port = atoi(p1) ;\
69
+    if ((p1 = token (&p2, "->:")) == NULL) continue ;\
69
+    if ((p1 = token (&p2, "->:")) == NULL) continue ;\
70
+    aptr = p1 ;\
70
+    aptr = p1 ;\
71
+    remote_ip = inet_addr(p1) ;\
71
+    remote_ip = inet_addr(p1) ;\
72
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
72
+    if ((p1 = token (&p2, " ")) == NULL) continue ;\
73
+    pptr = p1 ;\
73
+    pptr = p1 ;\
74
+    remote_port = atoi(p1) ;\
74
+    remote_port = atoi(p1) ;\
75
+    if ((p1 = token (&p2, " ()")) == NULL) continue ;\
75
+    if ((p1 = token (&p2, " ()")) == NULL) continue ;\
76
+    status = p1 ;\
76
+    status = p1 ;\
77
+\
77
+\
78
+    if ((saddr == remote_ip) &&\
78
+    if ((saddr == remote_ip) &&\
79
+        (daddr == local_ip) &&\
79
+        (daddr == local_ip) &&\
80
+        (sport == remote_port) &&\
80
+        (sport == remote_port) &&\
81
+        (dport == local_port) && \
81
+        (dport == local_port) && \
82
+        (strcmp(status, "ESTABLISHED") == 0))\
82
+        (strcmp(status, "ESTABLISHED") == 0))\
83
+    {\
83
+    {\
84
+        connected = TRUE ;\
84
+        connected = TRUE ;\
85
+        break ;\
85
+        break ;\
86
+    }\
86
+    }\
87
+}\
87
+}\
88
+pclose(f) ;
88
+pclose(f) ;
89
+#endif
89
+#endif
90
 
90
 
91
 
91
 
92
 
92
 
93
@@ -647,7 +706,11 @@
93
@@ -704,7 +763,11 @@
94
     snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
94
     snprintf (cmd, 254, "tcp and dst port %s and src %s and dst %s",
95
               dport_string, src_addr, interface_ip_str) ;
95
               dport_string, src_addr, interface_ip_str) ;
96
     DEBUG "open a secondary pcap: '%s'", cmd) ;
96
     DEBUG "open a secondary pcap: '%s'", cmd) ;
97
+#ifdef __FreeBSD__
97
+#ifdef __FreeBSD__
98
+    hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
98
+    hdr_len = open_a_pcap (device, 1000, &cap, cmd) ;
99
+#else
99
+#else
100
     hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
100
     hdr_len = open_a_pcap (device, 0, &cap, cmd) ;
101
+#endif
101
+#endif
102
 
102
 
103
     // set broad firewall rule
103
     // set broad firewall rule
104
     sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
104
     sprintf (G_fw_broad_rule, " %s %s 0 %s %s",
105
@@ -659,7 +722,22 @@
105
@@ -716,7 +779,22 @@
106
 
106
 
107
     for (;;) {
107
     for (;;) {
108
 
108
 
109
+#ifdef __FreeBSD__
109
+#ifdef __FreeBSD__
110
+	{
110
+	{
111
+	    int ret = 0;
111
+	    int ret = 0;
112
+	    struct pcap_pkthdr * packet_hdr_p;
112
+	    struct pcap_pkthdr * packet_hdr_p;
113
+
113
+
114
+	    while (ret == 0) {
114
+	    while (ret == 0) {
115
+		ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
115
+		ret = pcap_next_ex (cap, &packet_hdr_p, (const u_char **)&p) ;
116
+		packet_hdr = *packet_hdr_p;
116
+		packet_hdr = *packet_hdr_p;
117
+		if (ret < 0) {
117
+		if (ret < 0) {
118
+		    p = NULL;
118
+		    p = NULL;
119
+		}
119
+		}
120
+	    }
120
+	    }
121
+	}
121
+	}
122
+#else
122
+#else
123
         p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
123
         p = (unsigned char*)pcap_next (cap, &packet_hdr) ;
124
+#endif
124
+#endif
125
         if (p == NULL) {
125
         if (p == NULL) {
126
             WARNX "manage_firewall got null from 'pcap_next'. Exiting.") ;
126
             WARNX "manage_firewall got null from 'pcap_next': %s  Exiting.",
127
             exit (1) ;
127
                    pcap_geterr(G_cap)) ;
128
@@ -1222,9 +1300,13 @@
128
@@ -1300,9 +1378,13 @@
129
         croak (errno, "Can't get interface address of %s", device) ;
129
         croak (errno, "Can't get interface address of %s", device) ;
130
     }
130
     }
131
 
131
 
132
+#ifdef __FreeBSD__
132
+#ifdef __FreeBSD__
133
+    hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
133
+    hdr_len = open_a_pcap (device, 1000, &G_cap, "udp and port %d and dst %s",
134
+                           port, interface_ip) ;
134
+                           port, interface_ip) ;
135
+#else
135
+#else
136
     hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
136
     hdr_len = open_a_pcap (device, 0, &G_cap, "udp and port %d and dst %s",
137
                            port, interface_ip) ;
137
                            port, interface_ip) ;
138
-
138
-
139
+#endif
139
+#endif
140
     if (G_reconfigure) {
140
     if (G_reconfigure) {
141
         G_reconfigure = FALSE ;
141
         G_reconfigure = FALSE ;
142
         NOTICE "reconfigured.") ;
142
         NOTICE "reconfigured.") ;
143
@@ -1252,7 +1334,22 @@
143
@@ -1330,9 +1412,22 @@
144
         char            src_addr_buff[16] ;
144
         char            src_addr_buff[16] ;
145
 
145
 
146
         errno = 0 ;
146
         errno = 0 ;
147
+#ifdef __FreeBSD__
147
-        netdown_count = 0 ;
148
+	{
148
-
149
+	    int ret = 0;
149
+#ifdef __FreeBSD__
150
+	    struct pcap_pkthdr * packet_hdr_p;
150
+	{
151
+
151
+	    int ret = 0;
152
+	    while (ret == 0) {
152
+	    struct pcap_pkthdr * packet_hdr_p;
153
+		ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
153
+
154
+		packet_hdr = *packet_hdr_p;
154
+	    while (ret == 0) {
155
+		if (ret < 0) {
155
+		ret = pcap_next_ex (G_cap, &packet_hdr_p, (const u_char **)&p) ;
156
+		    p = NULL;
156
+		packet_hdr = *packet_hdr_p;
157
+		}
157
+		if (ret < 0) {
158
+	    }
158
+		    p = NULL;
159
+	}
159
+		}
160
+#else
160
+	    }
161
         p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
161
+	}
162
+#endif
162
+#else
163
         if (G_reconfigure) {
163
         p = (unsigned char *)pcap_next (G_cap, &packet_hdr) ;
164
             if (daemonize) err_closelog() ;
164
+#endif
165
             goto reconfigure ;
165
         if (G_reconfigure) {
166
             if (daemonize) err_closelog() ;
167
             goto reconfigure ;
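Review bot: In both `#ifdef __FreeBSD__` read loops (the one on `cap`, whose warning names manage_firewall, and the one on `G_cap`), `packet_hdr = *packet_hdr_p;` runs before `ret` is examined. pcap_next_ex() only promises usable header and data pointers when it returns 1, and `packet_hdr_p` is an uninitialised local. On a return of 0 (the new `1000` argument to `open_a_pcap` is presumably a read timeout, which would make that routine) or a negative return, the copy reads through a pointer the API does not guarantee. Copy only on success: `if (ret == 1) packet_hdr = *packet_hdr_p;` followed by `else if (ret < 0) p = NULL;`. Both enclosing functions start and end outside the hunks shown.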
