update arpwatch version to 3.3

yangl777 2023-10-26 19:33:22 +08:00
parent aebfb3272b
commit b95553a554
34 changed files with 630 additions and 21133 deletions


@ -1,33 +0,0 @@
diff -uNr arpwatch-2.1a10/arpsnmp.8 arpwatch-2.1a10.man/arpsnmp.8
--- arpwatch-2.1a10/arpsnmp.8 Sun Sep 17 23:34:48 2000
+++ arpwatch-2.1a10.man/arpsnmp.8 Sun Dec 31 02:00:54 2000
@@ -41,7 +41,7 @@
and reports certain changes via email.
.B Arpsnmp
reads information from a file (usually generated by
-.BR snmpwalk (8)).
+.BR snmpwalk (1)).
.LP
The
.B -d
@@ -62,9 +62,9 @@
.LP
.SH "REPORT MESSAGES"
(See the
-.BR arpwatch (1)
+.BR arpwatch (8)
man page for details on the report messages generated by
-.BR arpsnmp (1).)
+.BR arpsnmp (8).)
.SH FILES
.na
.nh
@@ -79,7 +79,7 @@
.na
.nh
.BR arpwatch (8),
-.BR snmpwalk (8),
+.BR snmpwalk (1),
.BR arp (8)
.ad
.hy


@ -1,20 +0,0 @@
--- arpwatch-2.1a15/arpwatch.c.bogon 2007-08-09 13:53:47.000000000 +0200
+++ arpwatch-2.1a15/arpwatch.c 2007-08-09 13:58:17.000000000 +0200
@@ -730,11 +730,12 @@ addnet(register const char *str)
/* XXX hack */
n = ntohl(inet_addr(tstr));
- while ((n & 0xff000000) == 0) {
- n <<= 8;
- if (n == 0)
- return (0);
- }
+ if (n || width != 32)
+ while ((n & 0xff000000) == 0) {
+ n <<= 8;
+ if (n == 0)
+ return (0);
+ }
n = htonl(n);
if (width != 0) {


@ -1,118 +0,0 @@
--- arpwatch-2.1a15-dist/arpwatch.c 2012-07-23 09:55:35.832458313 +0200
+++ arpwatch-2.1a15-new/arpwatch.c 2012-07-24 11:36:59.013953071 +0200
@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
}
+char *
+get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
+{
+ static char interface[IF_NAMESIZE + 1];
+ register int snaplen, timeout;
+ pcap_if_t *alldevs;
+ pcap_if_t *dev;
+ char *ret = NULL;
+
+ snaplen = max(sizeof(struct ether_header),
+ sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ timeout = 1000;
+
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ (void)fprintf(stderr, "%s: lookup_device: %s\n",
+ prog, errbuf);
+ exit(1);
+ }
+
+ for (dev = alldevs; dev; dev = dev->next) {
+ strncpy(interface, dev->name, strlen(dev->name)+1);
+
+ *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ if (*pd == NULL) {
+ syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
+ continue;
+ /* exit(1); */
+ }
+
+ *linktype = pcap_datalink(*pd);
+ /* Must be ethernet or fddi */
+ if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
+ syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
+ interface, *linktype);
+ pcap_close(*pd);
+ }
+ else {
+ /* First match, use it */
+ ret = interface;
+ break;
+ }
+
+ }
+ pcap_freealldevs(alldevs);
+ return (ret);
+}
+
int
main(int argc, char **argv)
{
register char *cp;
- register int op, pid, snaplen, timeout, linktype, status;
+ register int op, pid, status;
+ int linktype;
#ifdef TIOCNOTTY
register int fd;
#endif
- register pcap_t *pd;
+ pcap_t *pd;
register char *interface, *rfilename;
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
@@ -189,6 +237,7 @@ main(int argc, char **argv)
opterr = 0;
interface = NULL;
+ linktype = -1;
rfilename = NULL;
pd = NULL;
while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
@@ -264,11 +313,12 @@ main(int argc, char **argv)
net = 0;
netmask = 0;
} else {
+
/* Determine interface if not specified */
if (interface == NULL &&
- (interface = pcap_lookupdev(errbuf)) == NULL) {
- (void)fprintf(stderr, "%s: lookup_device: %s\n",
- prog, errbuf);
+ (interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
+ (void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ prog);
exit(1);
}
@@ -317,10 +367,6 @@ main(int argc, char **argv)
}
swapped = pcap_is_swapped(pd);
} else {
- snaplen = max(sizeof(struct ether_header),
- sizeof(struct fddi_header)) + sizeof(struct ether_arp);
- timeout = 1000;
- pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
if (pd == NULL) {
syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
exit(1);
@@ -340,14 +386,6 @@ main(int argc, char **argv)
dropprivileges( serveruser );
}
- /* Must be ethernet or fddi */
- linktype = pcap_datalink(pd);
- if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
- syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
- linktype);
- exit(1);
- }
-
/* Compile and install filter */
if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));


@ -1,12 +0,0 @@
diff -up arpwatch-2.1a15/arpwatch.c.dropgroup arpwatch-2.1a15/arpwatch.c
--- arpwatch-2.1a15/arpwatch.c.dropgroup 2012-05-31 11:47:13.327901902 +0200
+++ arpwatch-2.1a15/arpwatch.c 2012-05-31 11:48:04.859900061 +0200
@@ -147,7 +147,7 @@ void dropprivileges(const char* user)
struct passwd* pw;
pw = getpwnam( user );
if ( pw ) {
- if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
+ if ( setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
setuid(pw->pw_uid) != 0 ) {
syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
pw->pw_uid, pw->pw_gid);


@ -1,173 +0,0 @@
diff -up arpwatch-2.1a15/Makefile.in.extraman arpwatch-2.1a15/Makefile.in
--- arpwatch-2.1a15/Makefile.in.extraman 2009-12-14 18:01:27.000000000 +0100
+++ arpwatch-2.1a15/Makefile.in 2010-03-30 15:11:30.000000000 +0200
@@ -118,6 +118,10 @@ install-man: force
$(DESTDIR)$(MANDEST)/man8
$(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
$(DESTDIR)$(MANDEST)/man8
+ $(INSTALL) -m 644 $(srcdir)/arp2ethers.8 \
+ $(DESTDIR)$(MANDEST)/man8
+ $(INSTALL) -m 644 $(srcdir)/massagevendor.8 \
+ $(DESTDIR)$(MANDEST)/man8
lint: $(GENSRC) force
lint -hbxn $(SRC) | \
diff -up arpwatch-2.1a15/arp2ethers.8.extraman arpwatch-2.1a15/arp2ethers.8
--- arpwatch-2.1a15/arp2ethers.8.extraman 2010-03-30 15:12:37.000000000 +0200
+++ arpwatch-2.1a15/arp2ethers.8 2010-03-30 15:53:01.000000000 +0200
@@ -0,0 +1,60 @@
+.TH ARP2ETHERS 8
+.SH NAME
+arp2ethers \- convert arpwatch address database to ethers file format
+.SH SYNOPSIS
+.na
+.B arp2ethers
+.ad
+.SH "DESCRIPTION"
+.B arp2ethers
+converts file
+.IR arp.dat
+in the current directory into
+.BR ethers(5)
+format on
+.IR stdout .
+Usually
+.IR arp.dat
+is an ethernet/ip database file generated by
+.BR arpwatch(8) .
+The arpwatch daemon in Debian will create different
+.IR arp.dat
+depending on its configuration. All of them will be available at
+.IR /var/lib/arpwatch/ .
+.SH FILES
+.na
+.nh
+.nf
+/var/lib/arpwatch - default directory for arp.dat
+arp.dat - ethernet/ip address database
+.ad
+.hy
+.fi
+.SH "SEE ALSO"
+.na
+.nh
+.BR arpwatch (8),
+.BR ethers (5),
+.BR rarp (8),
+.BR arp (8),
+.ad
+.hy
+.SH BUGS
+Please send bug reports to arpwatch@ee.lbl.gov.
+.SH AUTHORS
+.LP
+Original version by Craig Leres of the Lawrence Berkeley
+National Laboratory Network Research Group, University of
+California, Berkeley, CA.
+.LP
+Modified for the Debian Project by Peter Kelemen, with
+additions from Erik Warmelink.
+.LP
+The current version is available via anonymous ftp:
+.LP
+.RS
+.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
+.RE
+.LP
+This manual page was contributed by Hugo Graumann.
+
diff -up arpwatch-2.1a15/massagevendor.8.extraman arpwatch-2.1a15/massagevendor.8
--- arpwatch-2.1a15/massagevendor.8.extraman 2010-03-30 15:15:18.000000000 +0200
+++ arpwatch-2.1a15/massagevendor.8 2010-03-30 15:15:18.000000000 +0200
@@ -0,0 +1,91 @@
+.TH MASSAGEVENDOR 8
+.SH NAME
+massagevendor \- convert the ethernet vendor codes master list to arpwatch format
+.SH SYNOPSIS
+.na
+massagevendor
+.I vendorfile
+.SH "DESCRIPTION"
+.B massagevendor
+is a program that converts a text file containing ethernet vendor codes
+into a format suitable for use by
+.B arpwatch(8)
+and
+.B arpsnmp(8).
+The input
+.I vendorfile
+is a master text file containing vendor codes. The output
+is sent to
+.I stdout.
+Each line of the
+.I vendorfile
+is expected to have a six digit hexadecimal vendor code
+followed by spaces followed by the name of the manufacturer.
+.LP
+All ethernet devices have a unique identifier which
+includes a vendor code specifying the manufacturer of the
+device. In normal operation
+.B arpwatch(8)
+and
+.B arpsnmp(8)
+use the file
+.I ethercodes.dat
+to report this vendor code.
+.B massagevendor
+is used to generate the
+.I ethercodes.dat
+file from text files containing these vendor codes.
+.LP
+Locations where an ethernet vendor codes master text file
+can be obtained are given below.
+.SH FILES
+.na
+.nh
+.nf
+/var/lib/arpwatch - default location of the ethernet vendor list
+ethercodes.dat - file containing the list of ethernet vendor codes
+.ad
+.hy
+.fi
+.SH "SEE ALSO"
+.na
+.nh
+.BR arpwatch(8),
+.BR arpsnmp(8)
+.ad
+.hy
+.SH NOTES
+Sources for ethernet vendor codes seen in the wild are
+.LP
+.na
+.nh
+.nf
+.RS
+.I http://map-ne.com/Ethernet/vendor.html
+.I ftp://ftp.cavebear.com/pub/Ethernet.txt
+.I http://www.cavebear.com/CaveBear/Ethernet/vendor.html
+.RE
+.ad
+.hy
+.LP
+Useful for comparison or completeness are the
+ethernet vendor codes as assigned
+by the IEEE which can be found at
+.LP
+.RS
+.I http://standards.ieee.org/regauth/oui/oui.txt
+.RE
+.SH BUGS
+Please send bug reports to arpwatch@ee.lbl.gov.
+.SH AUTHORS
+Craig Leres of the
+Lawrence Berkeley National Laboratory Network Research Group,
+University of California, Berkeley, CA.
+.LP
+The current version is available via anonymous ftp:
+.LP
+.RS
+.I ftp://ftp.ee.lbl.gov/arpwatch.tar.gz
+.RE
+.LP
+This manual page was contributed by Hugo Graumann.


@ -1,103 +0,0 @@
Note by jsynacek:
This patch should be rewritten. There's no reason to be using a static variable
and returning its content from a function (in iterate_dev()). Also, some things
should be simplified (like iterate_dev()).
diff -up ./arpwatch.c.iselect ./arpwatch.c
--- ./arpwatch.c.iselect 2012-10-15 16:01:24.701335291 +0200
+++ ./arpwatch.c 2012-10-15 16:07:18.626322639 +0200
@@ -162,50 +162,52 @@ void dropprivileges(const char* user)
}
char *
-get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
+try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
{
- static char interface[IF_NAMESIZE + 1];
register int snaplen, timeout;
- pcap_if_t *alldevs;
- pcap_if_t *dev;
- char *ret = NULL;
snaplen = max(sizeof(struct ether_header),
sizeof(struct fddi_header)) + sizeof(struct ether_arp);
timeout = 1000;
- if (pcap_findalldevs(&alldevs, errbuf) == -1) {
- (void)fprintf(stderr, "%s: lookup_device: %s\n",
- prog, errbuf);
- exit(1);
+ *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ if (NULL == *pd) {
+ syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+ return NULL;
}
+ *linktype = pcap_datalink(*pd);
+ /* Must be ethernet or fddi */
+ if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
+ syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi",
+ interface, *linktype);
+ pcap_close(*pd);
+ return NULL;
+ }
+ return interface;
+}
- for (dev = alldevs; dev; dev = dev->next) {
- strncpy(interface, dev->name, strlen(dev->name)+1);
-
- *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
- if (*pd == NULL) {
- syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
- continue;
- /* exit(1); */
- }
+char *
+iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
+{
+ static char interface[64 + 1];
+ pcap_if_t *alldevs;
+ pcap_if_t *dev;
- *linktype = pcap_datalink(*pd);
- /* Must be ethernet or fddi */
- if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
- syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
- interface, *linktype);
- pcap_close(*pd);
+ if (NULL != arginterface) {
+ return try_dev(arginterface, pd, linktype, errbuf);
+ } else {
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ (void)fprintf(stderr, "%s: lookup_device: %s\n",
+ prog, errbuf);
+ exit(1);
}
- else {
- /* First match, use it */
- ret = interface;
- break;
+ for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
+ strncpy(interface, dev->name, strlen(dev->name)+1);
+ arginterface = try_dev(interface, pd, linktype, errbuf);
}
-
+ pcap_freealldevs(alldevs);
+ return arginterface;
}
- pcap_freealldevs(alldevs);
- return (ret);
}
int
@@ -315,8 +317,8 @@ main(int argc, char **argv)
} else {
/* Determine interface if not specified */
- if (interface == NULL &&
- (interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
+ interface = iterate_dev(interface, &pd, &linktype, errbuf);
+ if (interface == NULL) {
(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
prog);
exit(1);


@ -1,10 +0,0 @@
--- arpwatch-2.1a15/configure.nolocalpcap 2006-06-21 22:32:38.000000000 +0200
+++ arpwatch-2.1a15/configure 2006-11-09 15:04:35.000000000 +0100
@@ -4956,6 +4956,7 @@
places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
for dir in $places ../libpcap libpcap ; do
+ break
basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
if test $lastdir = $basedir ; then
continue;

Binary file not shown.


@ -1,20 +0,0 @@
--- arpwatch-2.1a4/Makefile.in.fhs Sun Jun 18 08:26:28 2000
+++ arpwatch-2.1a4/Makefile.in Sun Jun 18 08:27:21 2000
@@ -109,13 +109,13 @@
$(CC) $(CFLAGS) -o $@ zap.o intoa.o -lutil
install: force
- $(INSTALL) -m 555 -o bin -g bin arpwatch $(DESTDIR)$(BINDEST)
- $(INSTALL) -m 555 -o bin -g bin arpsnmp $(DESTDIR)$(BINDEST)
+ $(INSTALL) -m 755 arpwatch $(DESTDIR)$(BINDEST)
+ $(INSTALL) -m 755 arpsnmp $(DESTDIR)$(BINDEST)
install-man: force
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpwatch.8 \
+ $(INSTALL) -m 644 $(srcdir)/arpwatch.8 \
$(DESTDIR)$(MANDEST)/man8
- $(INSTALL) -m 444 -o bin -g bin $(srcdir)/arpsnmp.8 \
+ $(INSTALL) -m 644 $(srcdir)/arpsnmp.8 \
$(DESTDIR)$(MANDEST)/man8
lint: $(GENSRC) force



@ -0,0 +1,23 @@
RHBZ #244606: Correctly handle -n 0/32 to allow the user to disable reporting
bogons from 0.0.0.0.
diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
--- arpwatch-3.1-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
+++ arpwatch-3.1/arpwatch.c 2020-11-07 12:10:53.357839069 -0500
@@ -814,10 +814,12 @@
/* XXX hack */
n = ntohl(inet_addr(tstr));
- while ((n & 0xff000000) == 0) {
- n <<= 8;
- if (n == 0)
- return (0);
+ if (n || width != 32) {
+ while ((n & 0xff000000) == 0) {
+ n <<= 8;
+ if (n == 0)
+ return (0);
+ }
}
n = htonl(n);


@ -0,0 +1,15 @@
Fix nonstandard sort flags (obsolete + notation for keys, available in some
BSDs for compatibility but non-POSIX and not supported by GNU sort).
diff -Naur arpwatch-3.1-original/arp2ethers arpwatch-3.1/arp2ethers
--- arpwatch-3.1-original/arp2ethers 2013-02-16 03:10:28.000000000 -0500
+++ arpwatch-3.1/arp2ethers 2020-11-07 11:22:04.762234105 -0500
@@ -13,7 +13,7 @@
# - sort
#
-sort +2rn arp.dat |
+sort -k 2 -rn arp.dat |
awk 'NF == 4 { print }' |
awk -f p.awk |
egrep -v '\.[0-9][0-9]*$' |
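Review bot: The replacement `sort -k 2 -rn arp.dat` does not select the same key as the line it replaces. In the obsolete notation `+2` skips two fields, so `sort +2rn` keyed on the third field, whereas `-k 2` starts the key at the second field and runs to the end of the line. The POSIX equivalent would be `sort -k 3rn arp.dat` (or `-k 3,3rn` to confine the key to that one column). With the current form the reverse-numeric ordering is presumably applied to a different column of arp.dat than before, which can change which record for a host reaches the later awk stages first; the rest of the pipeline is outside this hunk.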


@ -0,0 +1,11 @@
Fix stray rm (of an undefined variable).
diff -Naur arpwatch-3.1-original/arpfetch arpwatch-3.1/arpfetch
--- arpwatch-3.1-original/arpfetch 2013-02-16 03:10:28.000000000 -0500
+++ arpwatch-3.1/arpfetch 2020-11-07 11:22:59.344575624 -0500
@@ -29,5 +29,3 @@
ea = $2
print ea "\t" ip
}'
-
-rm -f ${t1}


@ -0,0 +1,15 @@
Do not attempt to search for local libpcap libraries lying around in the parent
of the build directory, or anywhere else random. This is not expected to
succeed anyway, but it is better to be sure.
diff -Naur arpwatch-3.1-original/configure arpwatch-3.1/configure
--- arpwatch-3.1-original/configure 2020-04-05 20:22:04.000000000 -0400
+++ arpwatch-3.1/configure 2020-11-07 11:59:40.114550004 -0500
@@ -5437,6 +5437,7 @@
places=`ls .. | sed -e 's,/$,,' -e 's,^,../,' | \
egrep '/libpcap-[0-9]*\.[0-9]*(\.[0-9]*)?([ab][0-9]*)?$'`
for dir in $places ../libpcap libpcap ; do
+ break
basedir=`echo $dir | sed -e 's/[ab][0-9]*$//'`
if test $lastdir = $basedir ; then
continue;


@ -0,0 +1,145 @@
When -i is not given, iterate all available devices until a usable one is found
instead of just trying the first one and giving up if it is not usable. See
RHBZ #842660.
Additionally, handle the case where a device provides both supported and
unsupported datalink types.
diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
--- arpwatch-3.1-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
+++ arpwatch-3.1/arpwatch.c 2021-04-24 09:02:50.762535242 -0400
@@ -161,6 +161,8 @@
RETSIGTYPE die(int);
int isbogon(u_int32_t);
int main(int, char **);
+int try_open_live(pcap_t ** pd_ptr, char const * interface_name,
+ int promiscuous_enable);
void process_ether(u_char *, const struct pcap_pkthdr *, const u_char *);
void process_fddi(u_char *, const struct pcap_pkthdr *, const u_char *);
int readsnmp(char *);
@@ -177,7 +179,7 @@
int op, snaplen, timeout, linktype, status;
pcap_t *pd;
FILE *fp;
- pcap_if_t *alldevs;
+ pcap_if_t *alldevs, *dev;
char *interface, *rfilename;
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
@@ -309,13 +311,18 @@
"%s: pcap_findalldevs: %s\n", prog, errbuf);
exit(1);
}
- if (alldevs == NULL) {
+ for (dev = alldevs; dev; dev = dev->next) {
+ if (try_open_live(&pd, dev->name, promisc)) {
+ interface = savestr(alldevs->name);
+ break;
+ }
+ }
+ pcap_freealldevs(alldevs);
+ if (interface == NULL) {
(void)fprintf(stderr, "%s: pcap_findalldevs:"
" no suitable devices found\n", prog);
exit(1);
}
- interface = savestr(alldevs->name);
- pcap_freealldevs(alldevs);
#else
if (interface = pcap_lookupdev(errbuf)) == NULL) {
(void)fprintf(stderr,
@@ -354,15 +361,12 @@
}
swapped = pcap_is_swapped(pd);
} else {
- snaplen = max(sizeof(struct ether_header),
- sizeof(struct fddi_header)) + sizeof(struct ether_arp);
- timeout = 1000;
- pd = pcap_open_live(interface, snaplen, promisc, timeout,
- errbuf);
if (pd == NULL) {
- lg(LOG_ERR, "pcap open %s: %s", interface, errbuf);
- exit(1);
+ if (!try_open_live(&pd, interface, promisc)) {
+ exit(1);
+ }
}
+ /* else pd was already opened based on pcap_findalldevs */
#ifdef WORDS_BIGENDIAN
swapped = 1;
#endif
@@ -452,6 +456,74 @@
exit(0);
}
+int
+try_open_live(pcap_t ** pd_ptr, char const * interface_name, int promiscuous_enable) {
+ /* Attempt to open an interface and set up a supported datalink type;
+ * return nonzero on success and zero on failure (and log a message).
+ */
+ int snaplen, timeout, n_datalinks, datalink_i;
+ int * datalinks, datalink;
+ char errbuf[PCAP_ERRBUF_SIZE];
+
+ snaplen = max(sizeof(struct ether_header),
+ sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ timeout = 1000;
+ datalinks = NULL;
+
+ /* Just in case... */
+ if (*pd_ptr != NULL) {
+ pcap_close(*pd_ptr);
+ *pd_ptr = NULL;
+ }
+
+ *pd_ptr = pcap_open_live(interface_name, snaplen, promiscuous_enable,
+ timeout, errbuf);
+ if (*pd_ptr == NULL) {
+ lg(LOG_ERR, "pcap open %s: %s", interface_name, errbuf);
+ goto fail;
+ }
+
+ /* Must be able to select an ethernet or fddi datalink */
+ n_datalinks = pcap_list_datalinks(*pd_ptr, &datalinks);
+ if (n_datalinks < 0) {
+ lg(LOG_ERR, "pcap_list_datalinks %s: %s", interface_name,
+ pcap_geterr(*pd_ptr));
+ goto fail;
+ }
+ for (datalink_i = 0; datalink_i < n_datalinks; ++datalink_i) {
+ switch (datalinks[datalink_i]) {
+ case DLT_EN10MB:
+ case DLT_FDDI:
+ break;
+ default:
+ continue; /* unsupported; try the next datalink */
+ }
+ if (pcap_set_datalink(*pd_ptr, datalinks[datalink_i]) != 0) {
+ lg(LOG_ERR, "pcap_set_datalink %s %d: %s",
+ interface_name, datalinks[datalink_i],
+ pcap_geterr(*pd_ptr));
+ continue;
+ }
+ break; /* success */
+ }
+ if (datalink_i >= n_datalinks) {
+ lg(LOG_ERR, "no ethernet or fddi datalink for %s",
+ interface_name);
+ goto fail;
+ }
+
+ free(datalinks);
+ return 1; /* success */
+
+fail:
+ if (*pd_ptr != NULL) {
+ pcap_close(*pd_ptr);
+ *pd_ptr = NULL;
+ }
+ free(datalinks);
+ return 0; /* failure */
+}
+
/* Process an ethernet arp/rarp packet */
void
process_ether(u_char *u, const struct pcap_pkthdr *h, const u_char *p)
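Review bot: In the device loop added to main(), `interface = savestr(alldevs->name);` records the name of the first device in the list rather than the device that `try_open_live()` just opened; it should be `interface = savestr(dev->name);`. As written, when the first device is skipped and a later one succeeds, `pd` is bound to one interface while `interface` names another, so log messages and any later lookups keyed on `interface` (outside this hunk, so not confirmed here) would refer to a device that is not the one being monitored. Separately, in `try_open_live()` the array returned by `pcap_list_datalinks()` is released with `free()`, for which libpcap provides `pcap_free_datalinks()`, and the local `datalink` is declared but never used.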


@ -0,0 +1,15 @@
When arpwatch is terminated cleanly by a signal (INT/TERM/HUP) handler, the
exit code should be zero for success instead of nonzero for failure.
diff -Naur arpwatch-3.1-original/arpwatch.c arpwatch-3.1/arpwatch.c
--- arpwatch-3.1-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
+++ arpwatch-3.1/arpwatch.c 2020-11-08 12:55:51.429575973 -0500
@@ -892,7 +892,7 @@
lg(LOG_DEBUG, "exiting");
checkpoint(0);
- exit(1);
+ exit(0);
}
RETSIGTYPE


@ -0,0 +1,76 @@
Fix section numbers in man page cross-references. With minor changes, this
patch dates all the way back to arpwatch-2.1a4-man.patch, from RHBZ#15442.
diff -Naur arpwatch-3.1-original/arpsnmp.8.in arpwatch-3.1/arpsnmp.8.in
--- arpwatch-3.1-original/arpsnmp.8.in 2019-12-01 14:01:07.000000000 -0500
+++ arpwatch-3.1/arpsnmp.8.in 2020-11-05 15:13:01.296113145 -0500
@@ -45,7 +45,7 @@
and reports certain changes via email.
.Nm
reads information from a file (usually generated by
-.Xr snmpwalk 3 ) .
+.Xr snmpwalk 1 ) .
.Pp
The format of the input file is the same as
.Ar arp.dat ;
@@ -119,9 +119,9 @@
.Pp
.Sh "REPORT MESSAGES"
See the
-.Xr arpwatch 1
+.Xr arpwatch 8
man page for details on the report messages generated by
-.Xr arpsnmp 1 .
+.Xr arpsnmp 8 .
.Sh FILES
.Bl -tag -width ".Pa /usr/local/arpwatch" -compact
.It Pa /usr/local/arpwatch
@@ -132,7 +132,7 @@
vendor ethernet block list
.Sh "SEE ALSO"
.Xr arpwatch 8 ,
-.Xr snmpwalk 8 ,
+.Xr snmpwalk 1 ,
.Xr arp 8 ,
.Sh AUTHORS
.An Craig Leres
diff -Naur arpwatch-3.1-original/arpwatch.8.in arpwatch-3.1/arpwatch.8.in
--- arpwatch-3.1-original/arpwatch.8.in 2019-12-01 14:01:07.000000000 -0500
+++ arpwatch-3.1/arpwatch.8.in 2020-11-05 15:14:12.117564292 -0500
@@ -117,9 +117,9 @@
.Fl r
flag is used to specify a savefile
(perhaps created by
-.Xr tcpdump 1
+.Xr tcpdump 8
or
-.Xr pcapture 1 )
+.Xr pcapture 8 )
to read from instead
of reading from the network. In this case
.Nm
@@ -163,9 +163,9 @@
.Pp
.Sh "REPORT MESSAGES"
Here's a quick list of the report messages generated by
-.Xr arpwatch 1
+.Xr arpwatch 8
(and
-.Xr arpsnmp 1 ) :
+.Xr arpsnmp 8 ) :
.Pp
.Bl -tag -width xxx
.It Ic "new activity"
@@ -216,9 +216,9 @@
.Sh "SEE ALSO"
.Xr arpsnmp 8 ,
.Xr arp 8 ,
-.Xr bpf 4 ,
-.Xr tcpdump 1 ,
-.Xr pcapture 1 ,
+.Xr bpf 2 ,
+.Xr tcpdump 8 ,
+.Xr pcapture 8 ,
.Xr pcap 3
.Sh AUTHORS
.An Craig Leres


@ -0,0 +1,146 @@
Add, and document, a -u argument to change to a specified unprivileged user
after establishing sockets.
This patch rebases and combines arpwatch-drop.patch, which provided -u;
arpwatch-drop-man.patch, which documented it; and
arpwatch-2.1a15-dropgroup.patch, which fixed CVE-2012-2653 (RHBZ #825328) in
the original arpwatch-drop.patch, into a single combined patch. It also removes
an unnecessary and unchecked strdup() in the original patch that could have
theoretically led to a null pointer dereference.
diff -Naur arpwatch-3.2-original/arpwatch.8.in arpwatch-3.2/arpwatch.8.in
--- arpwatch-3.2-original/arpwatch.8.in 2021-12-14 19:47:54.000000000 -0500
+++ arpwatch-3.2/arpwatch.8.in 2021-12-16 08:18:21.803266980 -0500
@@ -43,6 +43,7 @@
.Op Fl n Ar net[/width]
.Op Fl x Ar net[/width]
.Op Fl r Ar file
+.Op Fl u Ar username
.Sh DESCRIPTION
.Nm
keeps track of ethernet/ip address pairings. It syslogs activity
@@ -137,13 +138,30 @@
Note that an empty
.Ar arp.dat
file must be created before the first time you run
-.Fl arpwatch .
+.Nm .
+Also, the default directory (where
+.Ar arp.dat
+is stored) must be owned by
+.Ar username
+if the
+.Fl u
+flag is used.
.Pp
The
.Fl s
flag suppresses reports sent by email.
.Pp
The
+.Fl u
+flag causes
+.Nm
+to drop root privileges and change user ID to
+.Ar username
+and group ID to that of the primary group of
+.Ar username .
+This is recommended for security reasons.
+.Pp
+The
.Fl v
flag disables the reporting of VRRP/CARP ethernet prefixes as
described in RFC5798 (@MACZERO@0:@MACZERO@0:5e:@MACZERO@0:@MACZERO@1:xx).
diff -Naur arpwatch-3.2-original/arpwatch.c arpwatch-3.2/arpwatch.c
--- arpwatch-3.2-original/arpwatch.c 2019-11-30 13:35:23.000000000 -0500
+++ arpwatch-3.2/arpwatch.c 2021-12-16 08:18:21.812267045 -0500
@@ -72,6 +72,8 @@
#include <syslog.h>
#include <unistd.h>
+#include <grp.h>
+#include <pwd.h>
#include <pcap.h>
#include "gnuc.h"
@@ -170,6 +172,24 @@
int toskip(u_int32_t);
void usage(void) __attribute__((noreturn));
+void dropprivileges(const char* user)
+{
+ struct passwd* const pw = getpwnam(user);
+ if (pw) {
+ if (setgid(pw->pw_gid) != 0 || setgroups(0, NULL) != 0 ||
+ setuid(pw->pw_uid) != 0) {
+ lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d",
+ user, pw->pw_uid, pw->pw_gid);
+ exit(1);
+ }
+ } else {
+ lg(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd",
+ user);
+ exit(1);
+ }
+ lg(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+}
+
int
main(int argc, char **argv)
{
@@ -181,6 +201,7 @@
char *interface, *rfilename;
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
+ char* serveruser = NULL;
if (argv[0] == NULL)
prog = "arpwatch";
@@ -198,7 +219,7 @@
interface = NULL;
rfilename = NULL;
pd = NULL;
- while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZ")) != EOF)
+ while ((op = getopt(argc, argv, "CdD:Ff:i:n:NpP:qr:svw:W:x:zZu:")) != EOF)
switch (op) {
case 'C':
@@ -283,6 +304,17 @@
zeropad = 1;
break;
+ case 'u':
+ if (optarg) {
+ /* no need to strdup() a pointer into the
+ * original arguments vector */
+ serveruser = optarg;
+ } else {
+ fprintf(stderr, "%s: Need username after -u\n", prog);
+ usage();
+ }
+ break;
+
default:
usage();
}
@@ -379,6 +411,11 @@
}
}
+ /* Explicit user change (privilege drop) with -u? */
+ if (serveruser) {
+ dropprivileges(serveruser);
+ }
+
/*
* Revert to non-privileged user after opening sockets
* (not needed on most systems).
@@ -927,6 +964,7 @@
"usage: %s [-CdFNpqsvzZ] [-D arpdir] [-f datafile]"
" [-i interface]\n\t"
" [-P pidfile] [-w watcher@email] [-W watchee@email]\n\t"
- " [-n net[/width]] [-x net[/width]] [-r file]\n", prog);
+ " [-n net[/width]] [-x net[/width]] [-r file] [-u username]\n",
+ prog);
exit(1);
}
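Review bot: `dropprivileges()` logs "Couldn't change to ..." without saying which of `setgid()`, `setgroups()` or `setuid()` failed or why, which makes a failed privilege drop hard to diagnose from syslog. Appending the error would cover it, e.g. `lg(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d: %s", user, (int)pw->pw_uid, (int)pw->pw_gid, strerror(errno));`, assuming `<errno.h>` and `<string.h>` are already included (the include list is only partly visible). The function also deserves a short comment that the call order is deliberate, such as `/* Set gid and clear supplementary groups while still root; setuid() must come last (see CVE-2012-2653). */`, since the patch description says an earlier version of this code got the group handling wrong. In the `case 'u':` arm the `else` branch looks unreachable, because `getopt()` with `u:` does not return 'u' with a null `optarg`.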


@ -0,0 +1,40 @@
Do not add /usr/local/bin or /usr/local/sbin to the PATH in any scripts.
diff -Naur arpwatch-3.2-original/arpfetch arpwatch-3.2/arpfetch
--- arpwatch-3.2-original/arpfetch 2013-02-16 03:10:28.000000000 -0500
+++ arpwatch-3.2/arpfetch 2021-12-16 08:26:26.931846139 -0500
@@ -4,8 +4,6 @@
# arpfetch - collect arp data from a cisco using net-snmp
#
-export PATH="/usr/local/bin:${PATH}"
-
prog=`basename $0`
if [ $# -ne 2 ]; then
diff -Naur arpwatch-3.2-original/bihourly.sh arpwatch-3.2/bihourly.sh
--- arpwatch-3.2-original/bihourly.sh 2016-09-16 22:40:54.000000000 -0400
+++ arpwatch-3.2/bihourly.sh 2021-12-16 08:26:35.671910709 -0500
@@ -3,9 +3,6 @@
#
# bihourly arpwatch job
#
-PATH=${PATH}:/usr/local/sbin
-export PATH
-#
cd /usr/local/arpwatch
#
list="`cat list`"
diff -Naur arpwatch-3.2-original/update-ethercodes.sh.in arpwatch-3.2/update-ethercodes.sh.in
--- arpwatch-3.2-original/update-ethercodes.sh.in 2021-12-14 19:47:54.000000000 -0500
+++ arpwatch-3.2/update-ethercodes.sh.in 2021-12-16 08:26:16.309767665 -0500
@@ -6,9 +6,6 @@
prog="`basename $0`"
-PATH=/usr/local/bin:${PATH}
-export PATH
-
t1=/tmp/${prog}.1.$$
trap 'rm -f ${t1}; exit 1' 1 2 3 15 EXIT

17
arpwatch-3.3-c99.patch Normal file

@ -0,0 +1,17 @@
diff --git a/dns.c b/dns.c
index 82106e1244f94aec..75cc27b6775649f7 100644
--- a/dns.c
+++ b/dns.c
@@ -115,10 +115,10 @@ gethinfo(char *hostname, char *cpu, int cpulen, char *os, int oslen)
(u_char *)cp, (char *)bp, buflen)) < 0)
break;
cp += n;
- type = _getshort(cp);
+ type = ns_get16(cp);
cp += sizeof(u_short); /* class */
cp += sizeof(u_short) + sizeof(u_int32_t);
- n = _getshort(cp);
+ n = ns_get16(cp);
cp += sizeof(u_short);
if (type == T_HINFO) {
/* Unpack */
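Review bot: Both `ns_get16(cp)` calls read two bytes at `cp` after it has been advanced by the length returned from the name-expansion call, and no check against the end of the DNS answer is visible in this hunk before either read. If the enclosing loop (which starts outside the hunk) only tests `cp` at the top of each iteration, a truncated or malformed response could move `cp` past the received data before `type` and `n` are read. A guard before the first read, such as `if (cp + 3 * sizeof(u_short) + sizeof(u_int32_t) > eom) break;`, would close that, with `eom` standing for whatever end-of-message pointer gethinfo() keeps. Also confirm that dns.c includes `<arpa/nameser.h>`, which declares `ns_get16`, since the point of the patch is to avoid an implicit declaration.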

BIN
arpwatch-3.3.tar.gz Normal file

Binary file not shown.


54
arpwatch-add-sw64-architecture.patch Executable file → Normal file

@ -1,7 +1,8 @@
diff -Nuar arpwatch-2.1a15.org/aclocal.m4 arpwatch-2.1a15.sw/aclocal.m4
--- arpwatch-2.1a15.org/aclocal.m4 2022-02-24 22:23:30.840000000 +0000
+++ arpwatch-2.1a15.sw/aclocal.m4 2022-02-24 22:25:13.280000000 +0000
@@ -567,7 +567,7 @@
diff --git a/aclocal.m4 b/aclocal.m4
index 9e8a3fc..23eec03 100644
--- a/aclocal.m4
+++ b/aclocal.m4
@@ -557,7 +557,7 @@ AC_DEFUN(AC_LBL_UNALIGNED_ACCESS,
AC_CACHE_VAL(ac_cv_lbl_unaligned_fail,
[case "$target_cpu" in
@ -10,40 +11,45 @@ diff -Nuar arpwatch-2.1a15.org/aclocal.m4 arpwatch-2.1a15.sw/aclocal.m4
ac_cv_lbl_unaligned_fail=yes
;;
diff -Nuar arpwatch-2.1a15.org/config.guess arpwatch-2.1a15.sw/config.guess
--- arpwatch-2.1a15.org/config.guess 2022-02-24 22:23:30.840000000 +0000
+++ arpwatch-2.1a15.sw/config.guess 2022-02-24 22:24:52.010000000 +0000
@@ -875,6 +875,14 @@
diff --git a/config.guess b/config.guess
index 0bb53ae..25050b6 100755
--- a/config.guess
+++ b/config.guess
@@ -900,6 +900,14 @@ EOF
UNAME_MACHINE=aarch64_be
echo ${UNAME_MACHINE}-unknown-linux-gnu
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
+ sw_64:Linux:*:*)
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ sw) UNAME_MACHINE=sw_64 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-sunway-linux-gnu${LIBC}
+ exit ;;
+ case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
+ sw) UNAME_MACHINE=sw_64 ;;
+ esac
+ objdump --private-headers /bin/sh | grep -q ld.so.1
+ if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi
+ echo ${UNAME_MACHINE}-sunway-linux-gnu${LIBC}
+ exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
diff -Nuar arpwatch-2.1a15.org/config.sub arpwatch-2.1a15.sw/config.sub
--- arpwatch-2.1a15.org/config.sub 2022-02-24 22:23:30.840000000 +0000
+++ arpwatch-2.1a15.sw/config.sub 2022-02-24 22:24:11.300000000 +0000
@@ -256,6 +256,7 @@
diff --git a/config.sub b/config.sub
index a5eae25..3d7f4e6 100755
--- a/config.sub
+++ b/config.sub
@@ -249,6 +249,7 @@ case $basic_machine in
1750a | 580 \
| a29k \
| aarch64 | aarch64_be \
+ | sw_64 \
+ | sw_64 \
| alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \
| am33_2.0 \
@@ -368,6 +369,7 @@
@@ -371,6 +372,7 @@ case $basic_machine in
580-* \
| a29k-* \
| aarch64-* | aarch64_be-* \
+ | sw_64-* \
+ | sw_64-* \
| alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \
| alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| alphapca5[67]-* | alpha64pca5[67]-* | amd64-* | arc-* | arceb-* \
--
2.33.0


@ -1,232 +0,0 @@
--- arpwatch-2.1a11/addresses.h.in.addr Wed Jun 5 00:40:29 1996
+++ arpwatch-2.1a11/addresses.h.in Wed Jul 31 17:39:38 2002
@@ -1,2 +1,4 @@
#define WATCHER "root"
-#define WATCHEE "arpwatch (Arpwatch)"
+#define WATCHEE "root (Arpwatch)"
+extern char *watcher;
+extern char *watchee;
--- arpwatch-2.1a11/arpsnmp.8.addr Sun Sep 17 15:34:48 2000
+++ arpwatch-2.1a11/arpsnmp.8 Fri Aug 2 15:15:31 2002
@@ -30,6 +30,12 @@
] [
.B -f
.I datafile
+] [
+.B -e
+.I username
+] [
+.B -s
+.I username
]
.I file
[
@@ -59,6 +65,27 @@
.I arp.dat
file must be created before the first time you run
.BR arpsnmp .
+.LP
+If the
+.B -e
+flag is used,
+.B arpsnmp
+sends e-mail messages to
+.I username
+rather than the default (root).
+If a single `-' character is given for the username,
+sending of e-mail is suppressed,
+but logging via syslog is still done as usual.
+(This can be useful during initial runs, to collect data
+without being flooded with messages about new stations.)
+.LP
+If the
+.B -s
+flag is used,
+.B arpsnmp
+sends e-mail messages with
+.I username
+as the return address, rather than the default (root).
.LP
.SH "REPORT MESSAGES"
(See the
--- arpwatch-2.1a11/arpsnmp.c.addr Sun Jan 17 19:47:40 1999
+++ arpwatch-2.1a11/arpsnmp.c Fri Aug 2 15:17:16 2002
@@ -59,6 +59,7 @@
#include "file.h"
#include "machdep.h"
#include "util.h"
+#include "addresses.h"
/* Forwards */
int main(int, char **);
@@ -90,7 +91,7 @@
}
opterr = 0;
- while ((op = getopt(argc, argv, "df:")) != EOF)
+ while ((op = getopt(argc, argv, "df:e:s:")) != EOF)
switch (op) {
case 'd':
@@ -105,6 +106,24 @@
arpfile = optarg;
break;
+ case 'e':
+ if ( optarg ) {
+ watcher = strdup(optarg);
+ } else {
+ (void)fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
+ usage();
+ }
+ break;
+
+ case 's':
+ if ( optarg ) {
+ watchee = strdup(optarg);
+ } else {
+ (void)fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
+ usage();
+ }
+ break;
+
default:
usage();
}
@@ -184,6 +203,6 @@
(void)fprintf(stderr, "Version %s\n", version);
(void)fprintf(stderr,
- "usage: %s [-d] [-f datafile] file [...]\n", prog);
+ "usage: %s [-d] [-f datafile] [-e username] [-s username] file [...]\n", prog);
exit(1);
}
--- arpwatch-2.1a11/arpwatch.8.addr Thu Aug 1 13:45:36 2002
+++ arpwatch-2.1a11/arpwatch.8 Thu Aug 1 14:08:05 2002
@@ -46,6 +46,12 @@
] [
.B -u
.I username
+] [
+.B -e
+.I username
+] [
+.B -s
+.I username
]
.ad
.SH DESCRIPTION
@@ -106,6 +112,27 @@
and group ID to that of the primary group of
.IR username .
This is recommended for security reasons.
+.LP
+If the
+.B -e
+flag is used,
+.B arpwatch
+sends e-mail messages to
+.I username
+rather than the default (root).
+If a single `-' character is given for the username,
+sending of e-mail is suppressed,
+but logging via syslog is still done as usual.
+(This can be useful during initial runs, to collect data
+without being flooded with messages about new stations.)
+.LP
+If the
+.B -s
+flag is used,
+.B arpwatch
+sends e-mail messages with
+.I username
+as the return address, rather than the default (root).
.LP
Note that an empty
.I arp.dat
--- arpwatch-2.1a11/arpwatch.c.addr Thu Aug 1 13:45:36 2002
+++ arpwatch-2.1a11/arpwatch.c Thu Aug 1 13:47:35 2002
@@ -78,6 +78,7 @@
#include "machdep.h"
#include "setsignal.h"
#include "util.h"
+#include "addresses.h"
/* Some systems don't define these */
#ifndef ETHERTYPE_REVARP
@@ -190,7 +191,7 @@
interface = NULL;
rfilename = NULL;
pd = NULL;
- while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
switch (op) {
case 'd':
@@ -232,6 +233,26 @@
}
break;
+ case 'e':
+ if ( optarg ) {
+ watcher = strdup(optarg);
+ }
+ else {
+ fprintf(stderr, "%s: Need recipient username/e-mail address after -e\n", prog);
+ usage();
+ }
+ break;
+
+ case 's':
+ if ( optarg ) {
+ watchee = strdup(optarg);
+ }
+ else {
+ fprintf(stderr, "%s: Need sender username/e-mail address after -s\n", prog);
+ usage();
+ }
+ break;
+
default:
usage();
}
@@ -784,6 +805,7 @@
(void)fprintf(stderr, "Version %s\n", version);
(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
- " [-n net[/width]] [-r file] [-u username]\n", prog);
+ " [-n net[/width]] [-r file] [-u username]"
+ " [-e username] [-s username]\n", prog);
exit(1);
}
--- arpwatch-2.1a11/report.c.addr Sat Sep 30 18:41:10 2000
+++ arpwatch-2.1a11/report.c Thu Aug 1 14:16:43 2002
@@ -70,6 +70,9 @@
#define PLURAL(n) ((n) == 1 || (n) == -1 ? "" : "s")
+char *watcher = WATCHER;
+char *watchee = WATCHEE;
+
static int cdepth; /* number of outstanding children */
static char *fmtdate(time_t);
@@ -240,8 +243,6 @@
register FILE *f;
char tempfile[64], cpu[64], os[64];
char *fmt = "%20s: %s\n";
- char *watcher = WATCHER;
- char *watchee = WATCHEE;
char *sendmail = PATH_SENDMAIL;
char *unknown = "<unknown>";
char buf[132];
@@ -258,6 +259,9 @@
}
f = stdout;
(void)putc('\n', f);
+ } else if (watcher == NULL || *watcher == NULL || *watcher == '-') {
+ dosyslog(LOG_NOTICE, title, a, e1, e2);
+ return;
} else {
/* Setup child reaper if we haven't already */
if (!init) {


@ -1,22 +0,0 @@
--- arpwatch-2.1a15/arpsnmp.8.dirman 2006-11-02 17:00:58.000000000 +0100
+++ arpwatch-2.1a15/arpsnmp.8 2006-11-02 17:23:58.000000000 +0100
@@ -96,7 +96,7 @@
.na
.nh
.nf
-/usr/operator/arpwatch - default directory
+/var/lib/arpwatch - default directory
arp.dat - ethernet/ip address database
ethercodes.dat - vendor ethernet block list
.ad
--- arpwatch-2.1a15/arpwatch.8.dirman 2006-11-02 17:00:58.000000000 +0100
+++ arpwatch-2.1a15/arpwatch.8 2006-11-02 17:24:07.000000000 +0100
@@ -198,7 +198,7 @@
.na
.nh
.nf
-/usr/operator/arpwatch - default directory
+/var/lib/arpwatch - default directory
arp.dat - ethernet/ip address database
ethercodes.dat - vendor ethernet block list
.ad


@ -1,48 +0,0 @@
--- a/arpwatch.8.orig Sun Oct 8 23:31:28 2000
+++ b/arpwatch.8 Mon Oct 16 16:46:19 2000
@@ -36,13 +36,16 @@
.I interface
]
.br
-.ti +8
+.ti +9
[
.B -n
.IR net [/ width
]] [
.B -r
.I file
+] [
+.B -u
+.I username
]
.ad
.SH DESCRIPTION
@@ -94,10 +97,26 @@
.B arpwatch
does not fork.
.LP
+If
+.B -u
+flag is used,
+.B arpwatch
+drops root privileges and changes user ID to
+.I username
+and group ID to that of the primary group of
+.IR username .
+This is recommended for security reasons.
+.LP
Note that an empty
.I arp.dat
file must be created before the first time you run
-.BR arpwatch .
+.BR arpwatch .
+Also, the default directory (where arp.dat is stored) must be owned
+by
+.I username
+if
+.BR -u
+flag is used.
.LP
.SH "REPORT MESSAGES"
Here's a quick list of the report messages generated by


@ -1,93 +0,0 @@
--- arpwatch-2.1a10/arpwatch.c Sat Oct 14 05:07:35 2000
+++ arpwatch-2.1a10/arpwatch.c Sun Jun 10 16:22:57 2001
@@ -62,7 +62,7 @@
#include <string.h>
#include <syslog.h>
#include <unistd.h>
-
+#include <pwd.h>
#include <pcap.h>
#include "gnuc.h"
@@ -141,6 +141,25 @@
int sanity_fddi(struct fddi_header *, struct ether_arp *, int);
__dead void usage(void) __attribute__((volatile));
+void dropprivileges(const char* user)
+{
+ struct passwd* pw;
+ pw = getpwnam( user );
+ if ( pw ) {
+ if ( initgroups(pw->pw_name, NULL) != 0 || setgid(pw->pw_gid) != 0 ||
+ setuid(pw->pw_uid) != 0 ) {
+ syslog(LOG_ERR, "Couldn't change to '%.32s' uid=%d gid=%d", user,
+ pw->pw_uid, pw->pw_gid);
+ exit(1);
+ }
+ }
+ else {
+ syslog(LOG_ERR, "Couldn't find user '%.32s' in /etc/passwd", user);
+ exit(1);
+ }
+ syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+}
+
int
main(int argc, char **argv)
{
@@ -153,6 +172,7 @@
register char *interface, *rfilename;
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
+ char* serveruser = NULL;
if (argv[0] == NULL)
prog = "arpwatch";
@@ -170,7 +190,7 @@
interface = NULL;
rfilename = NULL;
pd = NULL;
- while ((op = getopt(argc, argv, "df:i:n:Nr:")) != EOF)
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:")) != EOF)
switch (op) {
case 'd':
@@ -202,6 +222,16 @@
rfilename = optarg;
break;
+ case 'u':
+ if ( optarg ) {
+ serveruser = strdup(optarg);
+ }
+ else {
+ fprintf(stderr, "%s: Need username after -u\n", prog);
+ usage();
+ }
+ break;
+
default:
usage();
}
@@ -283,8 +313,11 @@
* Revert to non-privileged user after opening sockets
* (not needed on most systems).
*/
- setgid(getgid());
- setuid(getuid());
+ /*setgid(getgid());*/
+ /*setuid(getuid());*/
+ if ( serveruser ) {
+ dropprivileges( serveruser );
+ }
/* Must be ethernet or fddi */
linktype = pcap_datalink(pd);
@@ -751,6 +784,6 @@
(void)fprintf(stderr, "Version %s\n", version);
(void)fprintf(stderr, "usage: %s [-dN] [-f datafile] [-i interface]"
- " [-n net[/width]] [-r file]\n", prog);
+ " [-n net[/width]] [-r file] [-u username]\n", prog);
exit(1);
}


@ -1,12 +0,0 @@
diff -up arpwatch-2.1a15/arpwatch.c.exitcode arpwatch-2.1a15/arpwatch.c
--- arpwatch-2.1a15/arpwatch.c.exitcode 2011-07-08 15:35:28.758414483 +0200
+++ arpwatch-2.1a15/arpwatch.c 2011-07-08 15:35:31.539417016 +0200
@@ -782,7 +782,7 @@ die(int signo)
syslog(LOG_DEBUG, "exiting");
checkpoint(0);
- exit(1);
+ exit(0);
}
RETSIGTYPE


@ -1,18 +0,0 @@
--- arpwatch-2.1a15/Makefile.in 2013-04-23 11:17:51.994488347 +0200
+++ arpwatch-2.1a15/Makefile.in.new 2013-04-23 11:17:24.000000000 +0200
@@ -48,12 +48,12 @@
DEFS = -DDEBUG @DEFS@ -DARPDIR=\"$(ARPDIR)\" -DPATH_SENDMAIL=\"$(SENDMAIL)\"
# Standard CFLAGS
-CFLAGS = $(CCOPT) $(DEFS) $(INCLS)
+CFLAGS = $(CCOPT) $(DEFS) $(INCLS) -pie
# Standard LIBS
-LIBS = @LIBS@
+LIBS = @LIBS@ -pie -Wl,-z,relro,-z,now
# Standard LIBS without libpcap.a
-SLIBS = @LBL_LIBS@
+SLIBS = @LBL_LIBS@ -pie -Wl,-z,relro,-z,now
INSTALL = @INSTALL@
SENDMAIL = @V_SENDMAIL@


@ -1,106 +0,0 @@
--- a/arpwatch.8 2016-01-26 10:13:58.344326599 +0100
+++ b/arpwatch.8 2016-01-26 09:59:46.620048949 +0100
@@ -27,7 +27,7 @@ arpwatch - keep track of ethernet/ip add
.na
.B arpwatch
[
-.B -dN
+.B -dNp
] [
.B -f
.I datafile
@@ -70,6 +70,10 @@ background and emailing the reports. Ins
.IR stderr .
.LP
The
+.B -p
+flag disables promiscous mode.
+.LP
+The
.B -f
flag is used to set the ethernet/ip address database filename.
The default is
diff -rup arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15-new/arpwatch.c
--- a/arpwatch.c 2016-01-26 10:13:58.356326563 +0100
+++ b/arpwatch.c 2016-01-26 10:13:37.273390029 +0100
@@ -162,7 +162,7 @@ void dropprivileges(const char* user)
}
char *
-try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
+try_dev(char *interface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
{
register int snaplen, timeout;
@@ -170,7 +170,7 @@ try_dev(char *interface, pcap_t **pd, in
sizeof(struct fddi_header)) + sizeof(struct ether_arp);
timeout = 1000;
- *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ *pd = pcap_open_live(interface, snaplen, promisc, timeout, errbuf);
if (NULL == *pd) {
syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
return NULL;
@@ -187,14 +187,14 @@ try_dev(char *interface, pcap_t **pd, in
}
char *
-iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
+iterate_dev(char *arginterface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
{
static char interface[64 + 1];
pcap_if_t *alldevs;
pcap_if_t *dev;
if (NULL != arginterface) {
- return try_dev(arginterface, pd, linktype, errbuf);
+ return try_dev(arginterface, pd, linktype, promisc, errbuf);
} else {
if (pcap_findalldevs(&alldevs, errbuf) == -1) {
(void)fprintf(stderr, "%s: lookup_device: %s\n",
@@ -203,7 +203,7 @@ iterate_dev(char *arginterface, pcap_t *
}
for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
strncpy(interface, dev->name, strlen(dev->name)+1);
- arginterface = try_dev(interface, pd, linktype, errbuf);
+ arginterface = try_dev(interface, pd, linktype, promisc, errbuf);
}
pcap_freealldevs(alldevs);
return arginterface;
@@ -224,6 +224,7 @@ main(int argc, char **argv)
struct bpf_program code;
char errbuf[PCAP_ERRBUF_SIZE];
char* serveruser = NULL;
+ int promisc = 1;
if (argv[0] == NULL)
prog = "arpwatch";
@@ -242,7 +243,7 @@ main(int argc, char **argv)
linktype = -1;
rfilename = NULL;
pd = NULL;
- while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:p")) != EOF)
switch (op) {
case 'd':
@@ -304,6 +305,10 @@ main(int argc, char **argv)
}
break;
+ case 'p':
+ promisc = 0;
+ break;
+
default:
usage();
}
@@ -317,7 +322,7 @@ main(int argc, char **argv)
} else {
/* Determine interface if not specified */
- interface = iterate_dev(interface, &pd, &linktype, errbuf);
+ interface = iterate_dev(interface, &pd, &linktype, promisc, errbuf);
if (interface == NULL) {
(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
prog);


@ -1,27 +0,0 @@
--- arpwatch-2.1a15/arp2ethers.scripts 2002-01-05 20:40:48.000000000 +0100
+++ arpwatch-2.1a15/arp2ethers 2006-11-09 14:34:42.000000000 +0100
@@ -13,7 +13,7 @@
# - sort
#
-sort +2rn arp.dat | \
+sort -k 2 -rn arp.dat | \
awk 'NF == 4 { print }' | \
awk -f p.awk | \
egrep -v '\.[0-9][0-9]*$' | \
--- arpwatch-2.1a15/arpfetch.scripts 2006-07-28 20:10:30.000000000 +0200
+++ arpwatch-2.1a15/arpfetch 2006-11-09 14:37:05.000000000 +0100
@@ -4,8 +4,6 @@
# arpfetch - collect arp data from a cisco using net-snmp
#
-export PATH="/usr/local/bin:${PATH}"
-
prog=`basename $0`
if [ $# -ne 2 ]; then
@@ -30,4 +28,3 @@
print ea "\t" ip
}'
-rm -f ${t1}


@ -1,12 +1,26 @@
[Unit]
Description=Arpwatch daemon which keeps track of ethernet/ip address pairings
After=syslog.target network-online.target
Documentation=man:arpwatch
Wants=network-online.target
Documentation=man:arpwatch(8)
[Service]
Type=forking
Type=simple
PrivateTmp=yes
ExecStart=/usr/sbin/arpwatch -u arpwatch -e root -s 'root (Arpwatch)'
EnvironmentFile=-/etc/sysconfig/arpwatch
ExecStart=/usr/sbin/arpwatch -u arpwatch -F $OPTIONS
Restart=on-failure
ProtectProc=invisible
CapabilityBoundingSet=CAP_NET_RAW CAP_NET_ADMIN CAP_SETGID CAP_SETUID
ProtectSystem=full
ProtectHome=true
ProtectClock=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
RestrictSUIDSGID=true
SystemCallFilter=@system-service
SystemCallFilter=~@aio @chown @clock @ipc @keyring @memlock @resources
SystemCallArchitectures=native
[Install]
WantedBy=multi-user.target
WantedBy=multi-user.target
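Review bot: The new hardening directives carry no comment on why `CAP_SETUID`, `CAP_SETGID` and `CAP_NET_ADMIN` stay in `CapabilityBoundingSet`, so a later maintainer cannot tell which of them are load-bearing and which could be removed. Presumably the two set-id capabilities are kept only for the `-u arpwatch` drop in `ExecStart`; I would say so above that line, e.g. `# CAP_SETUID/CAP_SETGID: needed once, for the -u arpwatch privilege drop`. It would also help to record in a comment whether `NoNewPrivileges=` was left out on purpose (for instance because the daemon hands its reports to sendmail) or was simply not considered.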


@ -1,43 +1,37 @@
%global _vararpwatch %{_localstatedir}/lib/arpwatch
%global pkgstatedir %{_sharedstatedir}/arpwatch
%global _hardened_build 1
Name: arpwatch
Epoch: 14
Version: 2.1a15
Release: 48
Version: 3.3
Release: 1
Summary: Network monitoring tools for tracking IP addresses on a network
License: BSD with advertising
URL: http://ee.lbl.gov/
Source0: https://ee.lbl.gov/downloads/arpwatch/arpwatch-%{version}.tar.gz
Source1: arpwatch.service
Source2: ethercodes-20110707.dat.bz2
BuildRequires: libpcap-devel perl-interpreter systemd sendmail
BuildRequires: gcc
Source3: arpwatch.sysconfig
BuildRequires: libpcap-devel systemd sendmail python3-devel
BuildRequires: gcc make
Requires(pre): shadow-utils
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
Requires: sendmail
# The following patches come from upstream
Patch0001: arpwatch-2.1a4-fhs.patch
Patch0002: arpwatch-2.1a10-man.patch
Patch0003: arpwatch-drop.patch
Patch0004: arpwatch-drop-man.patch
Patch0005: arpwatch-addr.patch
Patch0006: arpwatch-dir-man.patch
Patch0007: arpwatch-scripts.patch
Patch0008: arpwatch-2.1a15-nolocalpcap.patch
Patch0009: arpwatch-2.1a15-bogon.patch
Patch0010: arpwatch-2.1a15-extraman.patch
Patch0011: arpwatch-exitcode.patch
Patch0012: arpwatch-2.1a15-dropgroup.patch
Patch0013: arpwatch-2.1a15-devlookup.patch
Patch0014: arpwatch-2.1a15-lookupiselect.patch
Patch0015: arpwatch-201301-ethcodes.patch
Patch0016: arpwatch-pie.patch
Patch0017: arpwatch-aarch64.patch
Patch0018: arpwatch-promisc.patch
Patch0019: arpwatch-add-sw64-architecture.patch
Requires: sendmail python3
Patch1: arpwatch-3.1-man-references.patch
Patch2: arpwatch-3.2-change-user.patch
Patch3: arpwatch-3.1-arp2ethers-sort-invocation.patch
Patch4: arpwatch-3.1-arpfetch-stray-rm.patch
Patch5: arpwatch-3.2-no-usr-local-path.patch
Patch6: arpwatch-3.1-configure-no-local-pcap.patch
Patch7: arpwatch-3.1-all-zero-bogon.patch
Patch8: arpwatch-3.1-exitcode.patch
Patch9: arpwatch-3.1-devlookup.patch
Patch10: arpwatch-3.3-c99.patch
Patch11: arpwatch-add-sw64-architecture.patch
%description
The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
@ -54,53 +48,57 @@ The arpwatch-help package provides the help manual function separately.
%prep
%autosetup -n %{name}-%{version} -p1
# Substitute absolute paths to awk scripts in shell scripts
sed -r -i 's|(-f *)([^[:blank:]+]\.awk)|\1%{_datadir}/arpwatch/\2|' arp2ethers
sed -r -i 's|/usr/local/arpwatch|%{pkgstatedir}|g' *.8.in *.sh.in *.sh
sed -r -i 's|/usr/local/bin/python|/usr/bin/python3|g' update-ethercodes.sh.in
%build
%configure
%make_build ARPDIR=%{_vararpwatch}
%configure --with-sendmail=/usr/sbin/sendmail PYTHON=/usr/bin/python3
%make_build ARPDIR=%{pkgstatedir}
%install
install -d $RPM_BUILD_ROOT%{_mandir}/man8
install -d $RPM_BUILD_ROOT%{_sbindir}
install -d $RPM_BUILD_ROOT%{_vararpwatch}
install -d $RPM_BUILD_ROOT%{_datadir}/arpwatch
install -d $RPM_BUILD_ROOT%{pkgstatedir}
install -d $RPM_BUILD_ROOT%{_unitdir}
touch $RPM_BUILD_ROOT%{_vararpwatch}/arp.dat-
%make_install install-man
install -d $RPM_BUILD_ROOT%{_prefix}/etc/rc.d
%make_install
# prepare awk scripts
perl -pi -e "s/\'/\'\\\'\'/g" *.awk
install -p -t $RPM_BUILD_ROOT%{_datadir}/arpwatch -m 0644 *.awk
install -p -t $RPM_BUILD_ROOT%{_sbindir} arp2ethers
install -p massagevendor.py $RPM_BUILD_ROOT%{_sbindir}/massagevendor
# and embed them
for i in arp2ethers massagevendor massagevendor-old; do
cp -f $i $RPM_BUILD_ROOT%{_sbindir}
for j in *.awk; do
sed "s/-f\ *\(\<$j\>\)/\'\1\n\' /g" \
< $RPM_BUILD_ROOT%{_sbindir}/$i \
| sed "s/$j\$//;tx;b;:x;r$j" \
> $RPM_BUILD_ROOT%{_sbindir}/$i.x
mv -f $RPM_BUILD_ROOT%{_sbindir}/$i{.x,}
done
chmod 755 $RPM_BUILD_ROOT%{_sbindir}/$i
done
install -p -t $RPM_BUILD_ROOT%{pkgstatedir} -m0644 *.dat
touch $RPM_BUILD_ROOT%{pkgstatedir}/arp.dat- $RPM_BUILD_ROOT%{pkgstatedir}/arp.dat.new
install -p -t $RPM_BUILD_ROOT%{_unitdir} -m 0644 %{SOURCE1}
install -d $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig
install -p -m 0644 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/sysconfig/arpwatch
install -p -m 0644 %{SOURCE2} $RPM_BUILD_ROOT%{pkgstatedir}/ethercodes.dat.bz2
bunzip2 -f %{buildroot}%{pkgstatedir}/ethercodes.dat.bz2
install -p -m644 *.dat $RPM_BUILD_ROOT%{_vararpwatch}
install -p -m644 %{SOURCE1} $RPM_BUILD_ROOT%{_unitdir}/arpwatch.service
install -p -m644 %{SOURCE2} $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
bzip2 -df $RPM_BUILD_ROOT%{_vararpwatch}/ethercodes.dat.bz2
# Remove legacy init scripts:
rm -rvf %{buildroot}%{_prefix}/etc/rc.d
%pre
if ! getent group arpwatch &> /dev/null; then
getent group pcap 2> /dev/null | grep -q 77 &&
/usr/sbin/groupmod -n arpwatch pcap 2> /dev/null ||
/usr/sbin/groupadd -g 77 arpwatch 2> /dev/null
getent group arpwatch >/dev/null || groupadd -f -g 77 -r arpwatch
if ! getent passwd arpwatch >/dev/null
then
if ! getent passwd 77 >/dev/null
then
useradd -r -u 77 -g arpwatch \
-d %{pkgstatedir} -s /sbin/nologin \
-c Service user for arpwatch arpwatch
else
useradd -r -g arpwatch \
-d %{pkgstatedir} -s /sbin/nologin \
-c Service user for arpwatch arpwatch
fi
fi
if ! getent passwd arpwatch &> /dev/null; then
getent passwd pcap 2> /dev/null | grep -q 77 &&
/usr/sbin/usermod -l arpwatch -g 77 \
-d %{_vararpwatch} pcap 2> /dev/null ||
/usr/sbin/useradd -u 77 -g 77 -s /sbin/nologin \
-M -r -d %{_vararpwatch} arpwatch 2> /dev/null
fi
:
exit 0
%preun
%systemd_preun arpwatch.service
@ -112,23 +110,31 @@ fi
%systemd_postun_with_restart arpwatch.service
%files
%exclude %{_sbindir}/massagevendor-old
%doc README CHANGES arpfetch
%{_sbindir}/arpwatch
%{_sbindir}/arpsnmp
%attr(0755,-,-)%{_sbindir}/arpwatch
%attr(0755,-,-)%{_sbindir}/arpsnmp
%{_sbindir}/arp2ethers
%{_sbindir}/massagevendor
%dir %{_datadir}/arpwatch
%{_datadir}/arpwatch/*.awk
%{_unitdir}/arpwatch.service
%attr(1775,-,arpwatch) %dir %{_vararpwatch}
%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat
%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat-
%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{_vararpwatch}/arp.dat.new
%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
%config(noreplace) %{_sysconfdir}/sysconfig/arpwatch
%attr(1775,-,arpwatch) %dir %{pkgstatedir}
%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat
%attr(0644,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/arp.dat-
%attr(0600,arpwatch,arpwatch) %verify(not md5 size mtime) %ghost %{pkgstatedir}/arp.dat.new
%attr(0644,-,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{pkgstatedir}/ethercodes.dat
%files help
%{_mandir}/man8/*.8*
%changelog
* Thu Oct 26 2023 yanglu<yanglu72@h-partners.com> - 14:3.3-1
- Type:requirements
- Id:NA
- SUG:NA
- DESC:update arpwatch version to 3.3
* Thu Jul 28 2022 wuzx<wuzx1226@qq.com> - 14:2.1a15-48
- Type:feature
- Id:NA
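Review bot: In the new `%pre` scriptlet both `useradd` calls pass `-c Service user for arpwatch arpwatch` without quotes, so as shown `useradd` receives the comment `Service` followed by four stray operands and would be expected to fail with a usage error instead of creating the account. The scriptlet checks no return value and ends in `exit 0`, so the package would still install, and the `-u arpwatch` in the unit's `ExecStart` and the `arpwatch`-owned `%attr` entries would then refer to a user that does not exist. Quote the comment in both branches: `-c "Service user for arpwatch" arpwatch`. If the quotes were lost only in this page's rendering, the spec is already correct on this point.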

2
arpwatch.sysconfig Normal file

@ -0,0 +1,2 @@
# See arpwatch(8) for more information on available options.
OPTIONS=-C