SecBSD's official ports repository

net/tcpflow/Makefile

@@ -0,0 +1,17 @@
+COMMENT=	tool for capturing data from TCP connections
+
+DISTNAME=	tcpflow-0.21
+REVISION=	2
+CATEGORIES=	net
+MASTER_SITES=	http://www.circlemud.org/pub/jelson/tcpflow/
+
+HOMEPAGE=       http://www.circlemud.org/~jelson/software/tcpflow/
+
+# GPLv2
+PERMIT_PACKAGE=	Yes
+
+WANTLIB=		c pcap 
+
+CONFIGURE_STYLE=        gnu
+
+.include <bsd.port.mk>

net/tcpflow/distinfo

@@ -0,0 +1,2 @@
+SHA256 (tcpflow-0.21.tar.gz) = FpKL2XIcDeaFtmNl0yC81SqXpO3w4Qh2VK2Ns3nRlGk=
+SIZE (tcpflow-0.21.tar.gz) = 79369

net/tcpflow/patches/patch-doc_tcpflow_1_in

@@ -0,0 +1,35 @@
+--- doc/tcpflow.1.in.orig	Mon Feb 26 15:01:30 2001
++++ doc/tcpflow.1.in	Mon Aug 11 11:07:02 2003
+@@ -32,7 +32,7 @@ tcpflow \- TCP flow recorder 
+ is a program that captures data transmitted as part of TCP connections
+ (flows), and stores the data in a way that is convenient for protocol
+ analysis or debugging.  A program like
+-.IR tcpdump(4)
++.IR tcpdump(8)
+ shows a summary of packets seen on the wire, but usually doesn't store
+ the data that's actually being transmitted.  In contrast, tcpflow
+ reconstructs the actual data streams and stores each flow in a
+@@ -109,7 +109,7 @@ already be in promiscuous mode for some 
+ Read from file.  Read packets from \fIfile\fP, which was created using the
+ .B \-w
+ option of
+-.IR tcpdump (1).
++.IR tcpdump (8).
+ Standard input is used if \fIfile\fP is ``-''.
+ Note that for this option to be useful, tcpdump's
+ .B \-s
+@@ -132,7 +132,7 @@ The
+ specified on the command-line specifies which packets should be
+ captured.  Because tcpflow uses the the libpcap library, tcpflow has
+ the same powerful filtering language available as programs such as
+-.IR tcpdump (1).
++.IR tcpdump (8).
+ .LP
+ .B The following part of the man page is excerpted from the tcpdump man page.
+ .LP
+@@ -539,4 +539,4 @@ The current version of this software is 
+ .I http://www.circlemud.org/~jelson/software/tcpflow
+ .RE
+ .SH "SEE ALSO"
+-tcpdump(1), nit(4P), bpf(4), pcap(3)
++tcpdump(8), nit(4P), bpf(4), pcap(3)

net/tcpflow/patches/patch-src_datalink_c

@@ -0,0 +1,39 @@
+--- src/datalink.c.orig	Fri Mar 29 23:19:03 2002
++++ src/datalink.c	Wed May 13 10:41:44 2009
+@@ -137,7 +137,26 @@ void dl_ppp(u_char *user, const struct pcap_pkthdr *h,
+   process_ip(p + PPP_HDRLEN, caplen - PPP_HDRLEN);
+ }
+ 
++#define	PPP_ETHER_HDRLEN 8
+ 
++void dl_ppp_ether(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
++{
++  u_int caplen = h->caplen;
++  u_int length = h->len;
++
++  if (length != caplen) {
++    DEBUG(6) ("warning: only captured %d bytes of %d byte PPPoE frame",
++	  caplen, length);
++  }
++
++  if (caplen < PPP_ETHER_HDRLEN) {
++    DEBUG(6) ("warning: received incomplete PPP frame");
++    return;
++  }
++
++  process_ip(p + PPP_ETHER_HDRLEN, caplen - PPP_ETHER_HDRLEN);
++}
++
+ /* DLT_RAW: just a raw IP packet, no encapsulation or link-layer
+  * headers.  Used for PPP connections under some OSs including Linux
+  * and IRIX. */
+@@ -188,7 +207,9 @@ pcap_handler find_handler(int datalink_type, char *dev
+ #endif
+     { dl_ethernet, DLT_EN10MB },
+     { dl_ethernet, DLT_IEEE802 },
++    { dl_null, DLT_LOOP },
+     { dl_ppp, DLT_PPP },
++    { dl_ppp_ether, DLT_PPP_ETHER },
+ #ifdef DLT_LINUX_SLL
+     { dl_linux_sll, DLT_LINUX_SLL },
+ #endif

net/tcpflow/patches/patch-src_main_c

@@ -0,0 +1,11 @@
+--- src/main.c.orig	Thu Aug  7 00:35:24 2003
++++ src/main.c	Mon Aug 11 11:04:03 2003
+@@ -80,7 +80,7 @@ void print_usage(char *progname)
+   fprintf(stderr, "%s version %s by Jeremy Elson <jelson@circlemud.org>\n\n",
+ 		 PACKAGE, VERSION);
+   fprintf(stderr, "usage: %s [-chpsv] [-b max_bytes] [-d debug_level] [-f max_fds]\n", progname);
+-  fprintf(stderr, "          [-i iface] [-w file] [expression]\n\n");
++  fprintf(stderr, "          [-i iface] [-r file] [expression]\n\n");
+   fprintf(stderr, "        -b: max number of bytes per flow to save\n");
+   fprintf(stderr, "        -c: console print only (don't create files)\n");
+   fprintf(stderr, "        -d: debug level; default is %d\n", DEFAULT_DEBUG_LEVEL);

net/tcpflow/patches/patch-src_util_c

@@ -0,0 +1,20 @@
+--- src/util.c.orig	Wed Aug  8 12:39:40 2001
++++ src/util.c	Mon Aug 11 11:06:15 2003
+@@ -65,7 +65,7 @@ void *check_malloc(size_t size)
+ void init_debug(char *argv[])
+ {
+   debug_prefix = MALLOC(char, strlen(argv[0]) + 16);
+-  sprintf(debug_prefix, "%s[%d]", argv[0], (int) getpid());
++  snprintf(debug_prefix, (strlen(argv[0]) +16), "%s[%d]", argv[0], (int) getpid());
+ }
+ 
+ 
+@@ -144,7 +144,7 @@ char *flow_filename(flow_t flow)
+ 
+   ring_pos = (ring_pos + 1) % RING_SIZE;
+ 
+-  sprintf(ring_buffer[ring_pos],
++  snprintf(ring_buffer[ring_pos], sizeof(ring_buffer[ring_pos]),
+ 	  "%03d.%03d.%03d.%03d.%05d-%03d.%03d.%03d.%03d.%05d",
+ 	  (u_int8_t) ((flow.src & 0xff000000) >> 24),
+ 	  (u_int8_t) ((flow.src & 0x00ff0000) >> 16),

net/tcpflow/pkg/DESCR

@@ -0,0 +1,12 @@
+tcpflow is a program that captures data transmitted as part of TCP
+connections (flows), and stores it in a way that is convenient for
+protocol analysis or debugging.  A program like 'tcpdump' only shows a
+summary of packets seen on the wire, but usually doesn't store the
+data that's actually being transmitted.  In contrast, tcpflow
+reconstructs the actual data streams and stores each flow in a
+separate file for later analysis.
+
+tcpflow understands sequence numbers and will correctly reconstruct
+data streams regardless of retransmissions or out-of-order delivery.
+However, it currently does not understand IP fragments; flows
+containing IP fragments will not be recorded properly.

net/tcpflow/pkg/PLIST

@@ -0,0 +1,2 @@
+@bin bin/tcpflow
+@man man/man1/tcpflow.1