From 411a2782aaa756b3a8f3988763ac592cff1257b3 Mon Sep 17 00:00:00 2001 From: Francesco Colista Date: Mon, 8 Jul 2013 11:33:58 +0000 Subject: main/arpwatch: added several patches for improving options and security --- ..._all_arpwatch-2.1a15-noreversedns-resolve.patch | 99 ++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 main/arpwatch/20_all_arpwatch-2.1a15-noreversedns-resolve.patch (limited to 'main/arpwatch/20_all_arpwatch-2.1a15-noreversedns-resolve.patch') diff --git a/main/arpwatch/20_all_arpwatch-2.1a15-noreversedns-resolve.patch b/main/arpwatch/20_all_arpwatch-2.1a15-noreversedns-resolve.patch new file mode 100644 index 0000000000..b2d523d491 --- /dev/null +++ b/main/arpwatch/20_all_arpwatch-2.1a15-noreversedns-resolve.patch @@ -0,0 +1,99 @@ +diff -Naur arpwatch-2.1a15.orig/arpwatch.8 arpwatch-2.1a15/arpwatch.8 +--- arpwatch-2.1a15.orig/arpwatch.8 2006-12-11 13:00:39.000000000 +0300 ++++ arpwatch-2.1a15/arpwatch.8 2006-12-11 13:00:55.000000000 +0300 +@@ -110,6 +110,11 @@ + .br + .ti +9 + [ ++.B -D ++] ++.br ++.ti +9 ++[ + .B -z + .I ignorenet/ignoremask + ] +@@ -240,6 +245,10 @@ + flags prevents arpwatch from sending reports by mail. (This feature comes from Debian). + .LP + The ++.B -D ++flag turns off reverse-DNS queries. This can speed up operations significantly. ++.LP ++The + .B -z + flag is used to set a range of ip addresses to ignore (such as a DHCP + range). Netmask is specified as 255.255.128.0. (This feature comes from Debian). +diff -Naur arpwatch-2.1a15.orig/arpwatch.c arpwatch-2.1a15/arpwatch.c +--- arpwatch-2.1a15.orig/arpwatch.c 2006-12-11 13:00:39.000000000 +0300 ++++ arpwatch-2.1a15/arpwatch.c 2006-12-11 13:00:55.000000000 +0300 +@@ -198,6 +198,7 @@ + "u:" + "R:" + "Q" ++ "D" + "z:" + ; + char *tmpptr; +@@ -289,6 +290,10 @@ + ++quiet; + break; + ++ case 'D': ++ ++noreversedns; ++ break; ++ + case 'z': + tmpptr = strtok(optarg, "/"); + inet_aton(tmpptr, &ignore_net); +@@ -900,6 +905,7 @@ + "[-u username] " + "[-R seconds ] " + "[-Q] " ++ "[-D] " + "[-z ignorenet/ignoremask] " + "\n" + ; +diff -Naur arpwatch-2.1a15.orig/arpwatch.h arpwatch-2.1a15/arpwatch.h +--- arpwatch-2.1a15.orig/arpwatch.h 2006-12-11 13:00:39.000000000 +0300 ++++ arpwatch-2.1a15/arpwatch.h 2006-12-11 13:00:55.000000000 +0300 +@@ -17,6 +17,7 @@ + extern char *prog; + + extern int nonewstations; /* Turns off new-station reporting. */ ++extern int noreversedns; /* Turns off reverse-dns. */ + + #ifdef ETHER_HEADER_HAS_EA + #define ESRC(ep) ((ep)->ether_shost.ether_addr_octet) +diff -Naur arpwatch-2.1a15.orig/dns.c arpwatch-2.1a15/dns.c +--- arpwatch-2.1a15.orig/dns.c 2000-10-14 05:50:52.000000000 +0400 ++++ arpwatch-2.1a15/dns.c 2006-12-11 13:01:07.000000000 +0300 +@@ -71,6 +71,8 @@ + } querybuf; + #endif + ++int noreversedns = 0; ++ + int + gethinfo(register char *hostname, register char *cpu, register int cpulen, + register char *os, register int oslen) +@@ -84,6 +86,9 @@ + register int type, class, buflen, ancount, qdcount; + querybuf qbuf; + ++ if (noreversedns) ++ return (0); ++ + qb = &qbuf; + n = res_query(hostname, C_IN, T_HINFO, qb->buf, sizeof(qb->buf)); + if (n < 0) +@@ -144,6 +149,9 @@ + register int32_t options; + register struct hostent *hp; + ++ if (noreversedns) ++ return (intoa(a)); ++ + options = _res.options; + _res.options |= RES_AAONLY; + _res.options &= ~(RES_DEFNAMES | RES_DNSRCH); -- cgit v1.2.3