patch to fix with newer kernels. dismod perl script modified to find the System.map and dismod executables

(Portage version: 2.0.51.22-r1)
author: Daniel Black <dragonheart@gentoo.org> 2005-07-19 10:56:59 +0000
committer: Daniel Black <dragonheart@gentoo.org> 2005-07-19 10:56:59 +0000
commit: 3a18b3fc72e81cdadc49f1780d85c287d9ac575c (patch)
tree: 7c6091af4bcd83f4ace8043bd24c6e0986d698c3 /app-forensics/airt
parent: Added fix/workaround for bug 94199 (diff)
download: gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.tar.gz
gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.tar.bz2
gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.zip
6 files changed, 186 insertions, 11 deletions
diff --git a/app-forensics/airt/ChangeLog b/app-forensics/airt/ChangeLog
index 4103095260a2..5a26b88853af 100644
--- a/app-forensics/airt/ChangeLog
+++ b/app-forensics/airt/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for app-forensics/airt
 # Copyright 1999-2005 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.1 2005/01/26 01:55:37 dragonheart Exp $
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/ChangeLog,v 1.2 2005/07/19 10:56:59 dragonheart Exp $
+
+*airt-0.4-r1 (19 Jul 2005)
+
+  19 Jul 2005; Daniel Black <dragonheart@gentoo.org>
+  +files/airt-0.4-dismod.patch, +files/airt-0.4-kernelupdate.patch,
+  +airt-0.4-r1.ebuild:
+  patch to fix with newer kernels. dismod perl script modified to find the
+  System.map and dismod executables
 
   26 Jan 2005; Daniel Black <dragonheart@gentoo.org> +airt-0.4.ebuild,
   +metadata.xml:
diff --git a/app-forensics/airt/Manifest b/app-forensics/airt/Manifest
index 27d239ad92c2..183b68020a56 100644
--- a/app-forensics/airt/Manifest
+++ b/app-forensics/airt/Manifest
@@ -1,14 +1,8 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
 MD5 df3e59ec816b16c961e26b502ed7bf1e airt-0.4.ebuild 1066
 MD5 dd09b3d3602805b1bbcac35ef93e82c6 metadata.xml 707
 MD5 51c610e08d33ffa49e4e32729eb97770 ChangeLog 389
+MD5 ba9e5a6fc5267b068d322d875ea5ce06 airt-0.4-r1.ebuild 1156
 MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4 60
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.4.0 (GNU/Linux)
-
-iD8DBQFB9vmSmdTrptrqvGERAhPXAJ9SOUaqq1coPD//WsAAEIvVwAlujwCfR/R2
-pjEswzI8w66xlcsYLzmNGZg=
-=Duyg
------END PGP SIGNATURE-----
+MD5 d22f2ab7a3eb68a1a10927e0817498dd files/airt-0.4-kernelupdate.patch 6178
+MD5 827cc186dcaac15ec33e2fdf18c78399 files/digest-airt-0.4-r1 60
+MD5 466eea11f18af7adea2700516d1661af files/airt-0.4-dismod.patch 641
diff --git a/app-forensics/airt/airt-0.4-r1.ebuild b/app-forensics/airt/airt-0.4-r1.ebuild
new file mode 100644
index 000000000000..1d675dce012b
--- /dev/null
+++ b/app-forensics/airt/airt-0.4-r1.ebuild
@@ -0,0 +1,41 @@
+# Copyright 1999-2005 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/app-forensics/airt/airt-0.4-r1.ebuild,v 1.1 2005/07/19 10:56:59 dragonheart Exp $
+
+inherit linux-mod toolchain-funcs eutils
+
+DESCRIPTION="AIRT(Advanced incident response tool) is a set of incident response assistant tools on linux platform."
+HOMEPAGE="http://159.226.5.93/projects/airt.htm"
+SRC_URI="http://159.226.5.93/projects/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+KEYWORDS="~x86 -*"
+IUSE=""
+S=${WORKDIR}/${PN}
+DEPEND="virtual/libc"
+
+MODULE_NAMES="sock_hunter(:) process_hunter(:) mod_hunter(:) modumper(:${S}/mod_dumper)"
+BUILD_PARAMS="KDIR=${KERNEL_DIR}"
+BUILD_TARGETS="default"
+
+src_unpack() {
+	unpack ${A}
+	epatch ${FILESDIR}/${P}-kernelupdate.patch
+	epatch ${FILESDIR}/${P}-dismod.patch
+	sed -i -e "s|^CC.*|CC = $(tc-getCC) ${CFLAGS}|" -e "s/modumper:/default:/" \
+		${S}/mod_dumper/Makefile
+}
+
+src_compile() {
+	linux-mod_src_compile
+	emake -C mod_dumper dismod || die
+}
+
+
+src_install() {
+	linux-mod_src_install
+	dosbin mod_dumper/dismod
+	dosbin mod_dumper/dismod.pl
+	dodoc CHANGELOG.txt README.txt TODO
+}
+
diff --git a/app-forensics/airt/files/airt-0.4-dismod.patch b/app-forensics/airt/files/airt-0.4-dismod.patch
new file mode 100644
index 000000000000..55ccc2f13da4
--- /dev/null
+++ b/app-forensics/airt/files/airt-0.4-dismod.patch
@@ -0,0 +1,18 @@
+--- airt/mod_dumper/dismod.pl.orig	2005-07-19 20:40:29.000000000 +1000
++++ airt/mod_dumper/dismod.pl	2005-07-19 20:43:21.000000000 +1000
+@@ -19,7 +19,7 @@
+ close FH;
+ $os_ver = `uname -r`;
+ chomp $os_ver;
+-while(</boot/System.map*>){
++while(</boot/System.map-$os_ver /lib/modules/$os_ver/source/System.map /lib/modules/$os_ver/build/System.map /boot/System.map>){
+ 	chomp;
+ 	print $_ . "\n";
+ 	$file_tmp = $_;
+@@ -32,5 +32,5 @@
+ 	}
+ }
+ $symbol_file = $file_tmp if($symbol_file eq "");
+-$output = `./dismod -s $base_addr -l $dis_size -t $symbol_file`;
++$output = `/usr/sbin/dismod -s $base_addr -l $dis_size -t $symbol_file`;
+ print $output;
diff --git a/app-forensics/airt/files/airt-0.4-kernelupdate.patch b/app-forensics/airt/files/airt-0.4-kernelupdate.patch
new file mode 100644
index 000000000000..53846066ef16
--- /dev/null
+++ b/app-forensics/airt/files/airt-0.4-kernelupdate.patch
@@ -0,0 +1,113 @@
+--- airt/sock_hunter.c	2005-01-08 15:04:12.000000000 +1100
++++ airt-new/sock_hunter.c	2005-07-19 10:44:27.000000000 +1000
+@@ -157,7 +157,9 @@
+ 
+ 		case 10:
+ 			return 	"TCP_LISTEN";
+-			//TCP_CLOSING;
++
++		case 11:
++			return "TCP_CLOSING";
+ 
+ 		default:
+ 			return 	"unknow state";
+@@ -219,7 +221,7 @@
+ 	struct list_head        *p, *q;
+ 	struct kmem_cache_s     *cachep;
+ 	struct slab             *slabp;
+-	struct tcp_sock		*tcp_sk;
++	struct inet_sock	tcp_sk_inet;
+ 	int                     i;
+ 
+ 
+@@ -249,9 +251,9 @@
+ 				list_for_each(q, &(cachep->lists.slabs_full)){
+ 					slabp = list_entry(q, struct slab, list);
+ 					for(i = 0; i < cachep->num; i++){
+-						tcp_sk = slabp->s_mem + i * cachep->objsize;
+-						//						printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+-						printk("%5d    %15s    %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++						tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++						// printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++						printk("%5d    %15s    %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ 					}
+ 				}
+ 				/*---------- slabs partial --------------*/
+@@ -269,9 +271,9 @@
+ 
+ 					for(i = 0; i < cachep->num; i++){
+ 						if(!my_array[i]){
+-							tcp_sk = slabp->s_mem + i * cachep->objsize;
+-							//							printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+-							printk("%5d    %15s    %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++							tcp_sk_inet = ((struct tcp_sock *)slabp->s_mem + i * cachep->objsize)->inet;
++							// printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++							printk("%5d    %15s    %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ 						}
+ 					}
+ 				}
+@@ -285,9 +287,9 @@
+ 				list_for_each(q, &(cachep->lists.slabs_full)){
+ 					slabp = list_entry(q, struct slab, list);
+ 					for(i = 0; i < cachep->num; i++){
+-						tcp_sk = slabp->s_mem + i * cachep->objsize;
+-						//						printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+-						printk("%5d    %15s    %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++						tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++						// printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++						printk("%5d    %15s    %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ 					}
+ 				}
+ 				/*---------- slabs partial --------------*/
+@@ -305,9 +307,9 @@
+ 
+ 					for(i = 0; i < cachep->num; i++){
+ 						if(!my_array[i]){
+-							tcp_sk = slabp->s_mem + i * cachep->objsize;
+-							//							printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk->inet.sport), tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+-							printk("%5d    %15s    %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_tcp_state(tcp_sk->sk.sk_state));
++							tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++							// printk("port-s:%d, ip:%x, state:%d\n", ntohs(tcp_sk_inet.sport), tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++							printk("%5d    %15s    %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_tcp_state(tcp_sk_inet.sk.sk_state));
+ 						}
+ 					}
+ 				}
+@@ -321,9 +323,9 @@
+ 				list_for_each(q, &(cachep->lists.slabs_full)){
+ 					slabp = list_entry(q, struct slab, list);
+ 					for(i = 0; i < cachep->num; i++){
+-						tcp_sk = slabp->s_mem + i * cachep->objsize;
+-						//						printk("port:%d, ip:%x, state:%d\n", tcp_sk->inet.sport, tcp_sk->inet.saddr, tcp_sk->sk.sk_state);
+-						printk("%5d    %15s    %15s       %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state));
++						tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++						// printk("port:%d, ip:%x, state:%d\n", tcp_sk_inet.sport, tcp_sk_inet.saddr, tcp_sk_inet.sk.sk_state);
++						printk("%5d    %15s    %15s       %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
+ 					}
+ 				}
+ 				/*---------- slabs partial --------------*/
+@@ -341,9 +343,9 @@
+ 
+ 					for(i = 0; i < cachep->num; i++){
+ 						if(!my_array[i]){
+-							tcp_sk = slabp->s_mem + i * cachep->objsize;
+-							//							printk("%5d    %15s    %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), parse_raw_state(tcp_sk->sk.sk_state));
+-							printk("%5d    %15s    %15s       %15s\n", ntohs(tcp_sk->inet.sport), in_ntoa(tcp_sk->inet.saddr), in_ntoa(tcp_sk->inet.daddr), parse_raw_state(tcp_sk->sk.sk_state));
++							tcp_sk_inet = ((struct tcp_sock *) slabp->s_mem + i * cachep->objsize)->inet;
++							// printk("%5d    %15s    %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
++							printk("%5d    %15s    %15s       %15s\n", ntohs(tcp_sk_inet.sport), in_ntoa(tcp_sk_inet.saddr), in_ntoa(tcp_sk_inet.daddr), parse_raw_state(tcp_sk_inet.sk.sk_state));
+ 						}
+ 					}
+ 				}
+--- airt/mod_hunter.c	2005-01-08 15:04:18.000000000 +1100
++++ airt-new/mod_hunter.c	2005-07-19 10:21:47.000000000 +1000
+@@ -299,8 +299,8 @@
+ 	}
+ 
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,7)
+-printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj->kobj.kref.refcount.counter);
+-	if (kobject_register(&((struct module *)evil_addr)->mkobj->kobj))
++printk("kobj refcount: %ud\n", ((struct module *)evil_addr)->mkobj.kobj.kref.refcount.counter);
++	if (kobject_register(&((struct module *)evil_addr)->mkobj.kobj))
+ 	{
+ 		printk("kobject already registered or registered failed\n");
+ 		return -EFAULT;
diff --git a/app-forensics/airt/files/digest-airt-0.4-r1 b/app-forensics/airt/files/digest-airt-0.4-r1
new file mode 100644
index 000000000000..7c116ca2c946
--- /dev/null
+++ b/app-forensics/airt/files/digest-airt-0.4-r1
@@ -0,0 +1 @@
+MD5 a3f836391d4f9d57b9621bd7916cdd08 airt-0.4.tar.bz2 73609
author	Daniel Black <dragonheart@gentoo.org>	2005-07-19 10:56:59 +0000
committer	Daniel Black <dragonheart@gentoo.org>	2005-07-19 10:56:59 +0000
commit	3a18b3fc72e81cdadc49f1780d85c287d9ac575c (patch)
tree	7c6091af4bcd83f4ace8043bd24c6e0986d698c3 /app-forensics/airt
parent	Added fix/workaround for bug 94199 (diff)
download	gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.tar.gz gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.tar.bz2 gentoo-2-3a18b3fc72e81cdadc49f1780d85c287d9ac575c.zip