# This package provides a version of libpcap that supports MMAP mode on # the linux kernel. # Many thanks goto Phil Wood from Los Alamos National Laboratory # for creating the patches. # Harry Hoffman # %define _vararpwatch %{_localstatedir}/arpwatch %define PCAP_UID 77 %define PCAP_GID 77 %define releaseno 3.9.HH %define arpwatch_release %{releaseno} %define pcap_release %{releaseno} %define tcpdump_release %{releaseno} Summary: A networking traffic monitoring tool. Name: tcpdump Version: 3.8.20050120 %define tcpdump_dir tcpdump-3.8.20050120 Release: %{tcpdump_release} License: BSD URL: http://www.tcpdump.org Group: Applications/Internet Source0: http://public.lanl.gov/cpw/tcpdump-3.8.20050120.tar.gz Source1: http://public.lanl.gov/cpw/libpcap-1.0.20050129.tar.gz Source2: ftp://ftp.ee.lbl.gov/arpwatch-2.1a13.tar.gz Source3: arpwatch.init Source4: arpwatch.sysconfig Patch0: arpwatch-2.1a4-fhs.patch Patch1: arpwatch-2.1a10-man.patch Patch2: arpwatch-drop.patch Patch3: arpwatch-drop-man.patch Patch4: arpwatch-addr.patch Patch5: arpwatch-noipv4.patch Prefix: %{_prefix} BuildRequires: kernel-headers >= 2.2.0 openssl-devel Requires: kernel >= 2.2.0 BuildRoot: %{_tmppath}/%{name}-root %description Tcpdump is a command-line tool for monitoring network traffic. Tcpdump can capture and display the packet headers on a particular network interface or on all interfaces. Tcpdump can display all of the packet headers, or just the ones that match particular criteria. Install tcpdump if you need a program to monitor network traffic. %package -n libpcap Version: 1.0.20050129 Release: %{pcap_release} %define libpcap_dir libpcap-1.0.20050129 Summary: A system-independent interface for user-level packet capture. Group: Development/Libraries License: BSD URL: http://www.tcpdump.org Requires: kernel >= 2.2.0 openssl %description -n libpcap Libpcap provides a portable framework for low-level network monitoring. Libpcap can provide network statistics collection, security monitoring and network debugging. Since almost every system vendor provides a different interface for packet capture, the libpcap authors created this system-independent API to ease in porting and to alleviate the need for several system-dependent packet capture modules in each application. Install libpcap if you need to do low-level network traffic monitoring on your network. %package -n arpwatch Version: 2.1a13 Release: %{arpwatch_release} %define arpwatch_dir arpwatch-2.1a13 Summary: Network monitoring tools for tracking IP addresses on a network. Group: Applications/System License: BSD URL: http://www.tcpdump.org Prereq: /sbin/chkconfig /sbin/service %description -n arpwatch The arpwatch package contains arpwatch and arpsnmp. Arpwatch and arpsnmp are both network monitoring tools. Both utilities monitor Ethernet or FDDI network traffic and build databases of Ethernet/IP address pairs, and can report certain changes via email. Install the arpwatch package if you need networking monitoring devices which will automatically keep track of the IP addresses on your network. %prep %setup -q -c -a 1 -a 2 -a 4 pushd %arpwatch_dir %patch0 -p1 -b .fhs %patch1 -p1 -b .arpsnmpman %patch2 -p1 -b .droproot %patch3 -p0 -b .droprootman %patch4 -p1 -b .mailuser %patch5 -p1 popd %build pushd %libpcap_dir %configure --enable-ipv6 --enable-shared #DEFS="-g -fPIC -DHAVE_CONFIG_H" %ifarch alpha sparc sparc64 #DEFS="$DEFS -DHAVE_ETHER_HOSTTON=1 -DLBL_ALIGN=1" %endif #make DEFS="$DEFS" make popd pushd %tcpdump_dir %define optflags $RPM_OPT_FLAGS -DIP_MAX_MEMBERSHIPS=20 autoheader %configure --enable-ipv6 --with-user=pcap %undefine optflags DEFS="-D_U_=\"\" -g -DHAVE_CONFIG_H" %ifarch alpha sparc sparc64 DEFS="$DEFS -DHAVE_ETHER_HOSTTON=1 -DLBL_ALIGN=1 -DHAVE_ETHER_NTOA=1" %endif %ifarch sparc sparc64 DEFS="$DEFS -DWORDS_BIGENDIAN" %endif make DEFS="$DEFS" popd pushd %arpwatch_dir #aclocal #autoconf %configure make ARPDIR=%{_vararpwatch} popd %install rm -rf ${RPM_BUILD_ROOT} mkdir -p ${RPM_BUILD_ROOT}%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_mandir}/man{3,8} mkdir -p ${RPM_BUILD_ROOT}%{_sbindir} pushd %libpcap_dir mkdir -p ${RPM_BUILD_ROOT}%{_includedir}/net make DESTDIR=${RPM_BUILD_ROOT} includedir=%{_includedir} install chmod +x ${RPM_BUILD_ROOT}%{_libdir}/libpcap.so.* install -m644 pcap.3 ${RPM_BUILD_ROOT}%{_mandir}/man3/pcap.3 popd pushd %tcpdump_dir install -m755 tcpdump ${RPM_BUILD_ROOT}%{_sbindir} install -m644 tcpdump.1 ${RPM_BUILD_ROOT}%{_mandir}/man8/tcpdump.8 popd pushd %arpwatch_dir make DESTDIR=${RPM_BUILD_ROOT} install install-man mkdir -p ${RPM_BUILD_ROOT}%{_vararpwatch} for n in arp2ethers arpfetch massagevendor massagevendor-old; do install -m755 $n ${RPM_BUILD_ROOT}%{_vararpwatch} done for n in *.awk *.dat missingcodes.txt; do install -m644 $n ${RPM_BUILD_ROOT}%{_vararpwatch} done ( cd ${RPM_BUILD_ROOT} mkdir -p ./etc/rc.d/init.d install -c -m755 $RPM_SOURCE_DIR/arpwatch.init ./etc/rc.d/init.d/arpwatch mkdir -p ./etc/sysconfig install -c -m644 $RPM_SOURCE_DIR/arpwatch.sysconfig ./etc/sysconfig/arpwatch ) popd ( cd ${RPM_BUILD_ROOT} strip .%{_sbindir}/* || : ) %clean rm -rf ${RPM_BUILD_ROOT} %pre /usr/sbin/groupadd -g %{PCAP_GID} pcap 2> /dev/null /usr/sbin/useradd -u %{PCAP_UID} -g %{PCAP_GID} \ -s /sbin/nologin -M -r -d %{_vararpwatch} pcap 2> /dev/null || /usr/bin/chsh pcap /sbin/nologin 2> /dev/null exit 0 %post -n arpwatch /sbin/chkconfig --add arpwatch %pre -n arpwatch /usr/sbin/groupadd -g %{PCAP_GID} pcap 2> /dev/null /usr/sbin/useradd -u %{PCAP_UID} -g %{PCAP_GID} \ -s /sbin/nologin -M -r -d %{_vararpwatch} pcap 2> /dev/null || /usr/bin/chsh pcap /sbin/nologin 2> /dev/null exit 0 %postun -n arpwatch /sbin/service arpwatch condrestart >/dev/null 2>&1 || : %preun -n arpwatch if [ "$1" = "0" ]; then /sbin/service arpwatch stop > /dev/null 2>&1 /sbin/chkconfig --del arpwatch fi %post -n libpcap -p /sbin/ldconfig %postun -n libpcap -p /sbin/ldconfig %files -n tcpdump %defattr(-,root,root) %doc %tcpdump_dir/README %tcpdump_dir/CHANGES %tcpdump_dir/LICENSE %{_sbindir}/tcpdump %{_mandir}/man8/tcpdump.8* %files -n libpcap %defattr(-,root,root) %doc %libpcap_dir/README %libpcap_dir/CHANGES %libpcap_dir/LICENSE %{_includedir}/* %{_libdir}/libpcap* %{_mandir}/man3/pcap.3* %files -n arpwatch %defattr(-,root,root) %doc %arpwatch_dir/README %arpwatch_dir/CHANGES %{_sbindir}/arpwatch %{_sbindir}/arpsnmp %{_mandir}/man8/arpwatch.8* %{_mandir}/man8/arpsnmp.8* %config /etc/rc.d/init.d/arpwatch %config(noreplace) /etc/sysconfig/arpwatch %defattr(-,pcap,pcap) %dir %{_vararpwatch} %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/arp.dat %verify(not md5 size mtime) %config %{_vararpwatch}/ethercodes.dat %config %{_vararpwatch}/missingcodes.txt %{_vararpwatch}/*.awk %{_vararpwatch}/arp2ethers %{_vararpwatch}/arpfetch %{_vararpwatch}/massagevendor %{_vararpwatch}/massagevendor-old %changelog * Fri Apr 29 2005 Harry Hoffman - 3.8.HH - Added patches to allow for no IPv4 addresses * Fri Apr 22 2005 Harry Hoffman - 3.8.HH - borrowed spec file from redhat and updated versions - tcpdump/libpcap have the ring patches from Phil Wood