rpms/dsniff/F-7 dsniff-2.4-amd64_fix.patch, NONE, 1.1 dsniff-2.4-arpa_inet_header.patch, NONE, 1.1 dsniff-2.4-checksum.patch, NONE, 1.1 dsniff-2.4-checksum_libnids.patch, NONE, 1.1 dsniff-2.4-fedora_dirs.patch, NONE, 1.1 dsniff-2.4-glib2.patch, NONE, 1.1 dsniff-2.4-libnet_11.patch, NONE, 1.1 dsniff-2.4-mailsnarf_corrupt.patch, NONE, 1.1 dsniff-2.4-multiple_intf.patch, NONE, 1.1 dsniff-2.4-obsolete_time.patch, NONE, 1.1 dsniff-2.4-openssl_098.patch, NONE, 1.1 dsniff-2.4-pcap_read_dump.patch, NONE, 1.1 dsniff-2.4-pop_with_version.patch, NONE, 1.1 dsniff-2.4-sshcrypto.patch, NONE, 1.1 dsniff-2.4-string_header.patch, NONE, 1.1 dsniff-2.4-sysconf_clocks.patch, NONE, 1.1 dsniff-2.4-time_h.patch, NONE, 1.1 dsniff-2.4-urlsnarf_escape.patch, NONE, 1.1 dsniff-2.4-urlsnarf_zeropad.patch, NONE, 1.1 dsniff.spec, NONE, 1.1 .cvsignore, 1.1, 1.2 sources, 1.1, 1.2

Robert Scheck (robert) fedora-extras-commits at redhat.com
Mon Dec 3 22:19:21 UTC 2007


Author: robert

Update of /cvs/pkgs/rpms/dsniff/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv4993a/F-7

Modified Files:
	.cvsignore sources 
Added Files:
	dsniff-2.4-amd64_fix.patch dsniff-2.4-arpa_inet_header.patch 
	dsniff-2.4-checksum.patch dsniff-2.4-checksum_libnids.patch 
	dsniff-2.4-fedora_dirs.patch dsniff-2.4-glib2.patch 
	dsniff-2.4-libnet_11.patch dsniff-2.4-mailsnarf_corrupt.patch 
	dsniff-2.4-multiple_intf.patch dsniff-2.4-obsolete_time.patch 
	dsniff-2.4-openssl_098.patch dsniff-2.4-pcap_read_dump.patch 
	dsniff-2.4-pop_with_version.patch dsniff-2.4-sshcrypto.patch 
	dsniff-2.4-string_header.patch dsniff-2.4-sysconf_clocks.patch 
	dsniff-2.4-time_h.patch dsniff-2.4-urlsnarf_escape.patch 
	dsniff-2.4-urlsnarf_zeropad.patch dsniff.spec 
Log Message:
Initial spec file for Fedora and Red Hat Enterprise Linux


dsniff-2.4-amd64_fix.patch:

--- NEW FILE dsniff-2.4-amd64_fix.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which fixes the
compiling under AMD64 respectively x86_64. For further information, please
have a look to Debian bug ID #254002.

--- dsniff-2.4b1/configure		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/configure.amd64_fix	2005-06-23 04:15:59.000000000 +0000
@@ -2667,15 +2667,62 @@
   echo "$ac_t""no" 1>&6
 fi
 
+echo $ac_n "checking for __dn_expand in -lresolv""... $ac_c" 1>&6
+echo "configure:2672: checking for __dn_expand in -lresolv" >&5
+ac_lib_var=`echo resolv'_'__dn_expand | sed 'y%./+-%__p_%'`
+if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then
+  echo $ac_n "(cached) $ac_c" 1>&6
+else
+  ac_save_LIBS="$LIBS"
+LIBS="-lresolv  $LIBS"
+cat > conftest.$ac_ext <<EOF
+#line 2680 "configure"
+#include "confdefs.h"
+/* Override any gcc2 internal prototype to avoid an error.  */
+/* We use char because int might match the return type of a gcc2
+    builtin and then its argument prototype would still apply.  */
+char __dn_expand();
+
+int main() {
+__dn_expand()
+; return 0; }
+EOF
+if { (eval echo configure:2691: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=yes"
+else
+  echo "configure: failed program was:" >&5
+  cat conftest.$ac_ext >&5
+  rm -rf conftest*
+  eval "ac_cv_lib_$ac_lib_var=no"
+fi
+rm -f conftest*
+LIBS="$ac_save_LIBS"
+
+fi
+if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then
+  echo "$ac_t""yes" 1>&6
+    ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \
+    -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'`
+  cat >> confdefs.h <<EOF
+#define $ac_tr_lib 1
+EOF
+
+  LIBS="-lresolv $LIBS"
+
+else
+  echo "$ac_t""no" 1>&6
+fi
+
 for ac_func in dirname strlcpy strlcat strsep
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2674: checking for $ac_func" >&5
+echo "configure:2721: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2679 "configure"
+#line 2726 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2698,7 +2745,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2702: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -2728,12 +2775,12 @@
 for ac_func in MD5Update
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2732: checking for $ac_func" >&5
+echo "configure:2779: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2737 "configure"
+#line 2784 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2756,7 +2803,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2760: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2807: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -2788,12 +2835,12 @@
 for ac_func in warnx
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2792: checking for $ac_func" >&5
+echo "configure:2839: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2797 "configure"
+#line 2844 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2816,7 +2863,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2820: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2867: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -2848,12 +2895,12 @@
 for ac_func in ether_ntoa
 do
 echo $ac_n "checking for $ac_func""... $ac_c" 1>&6
-echo "configure:2852: checking for $ac_func" >&5
+echo "configure:2899: checking for $ac_func" >&5
 if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then
   echo $ac_n "(cached) $ac_c" 1>&6
 else
   cat > conftest.$ac_ext <<EOF
-#line 2857 "configure"
+#line 2904 "configure"
 #include "confdefs.h"
 /* System header to define __stub macros and hopefully few prototypes,
     which can conflict with char $ac_func(); below.  */
@@ -2876,7 +2923,7 @@
 
 ; return 0; }
 EOF
-if { (eval echo configure:2880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
+if { (eval echo configure:2927: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then
   rm -rf conftest*
   eval "ac_cv_func_$ac_func=yes"
 else
@@ -2912,7 +2959,7 @@
 fi
 
 echo $ac_n "checking for Berkeley DB with 1.85 compatibility""... $ac_c" 1>&6
-echo "configure:2916: checking for Berkeley DB with 1.85 compatibility" >&5
+echo "configure:2963: checking for Berkeley DB with 1.85 compatibility" >&5
 # Check whether --with-db or --without-db was given.
 if test "${with_db+set}" = set; then
   withval="$with_db"
@@ -3015,7 +3062,7 @@
 
 
 echo $ac_n "checking for libpcap""... $ac_c" 1>&6
-echo "configure:3019: checking for libpcap" >&5
+echo "configure:3066: checking for libpcap" >&5
 # Check whether --with-libpcap or --without-libpcap was given.
 if test "${with_libpcap+set}" = set; then
   withval="$with_libpcap"
@@ -3063,7 +3110,7 @@
 
 
 echo $ac_n "checking for libnet""... $ac_c" 1>&6
-echo "configure:3067: checking for libnet" >&5
+echo "configure:3114: checking for libnet" >&5
 # Check whether --with-libnet or --without-libnet was given.
 if test "${with_libnet+set}" = set; then
   withval="$with_libnet"
@@ -3110,7 +3157,7 @@
 
 
 echo $ac_n "checking for libnids""... $ac_c" 1>&6
-echo "configure:3114: checking for libnids" >&5
+echo "configure:3161: checking for libnids" >&5
 # Check whether --with-libnids or --without-libnids was given.
 if test "${with_libnids+set}" = set; then
   withval="$with_libnids"
@@ -3152,9 +3199,9 @@
 save_cppflags="$CPPFLAGS"
 CPPFLAGS="$NIDSINC"
 echo $ac_n "checking whether libnids version is good""... $ac_c" 1>&6
-echo "configure:3156: checking whether libnids version is good" >&5
+echo "configure:3203: checking whether libnids version is good" >&5
 cat > conftest.$ac_ext <<EOF
-#line 3158 "configure"
+#line 3205 "configure"
 #include "confdefs.h"
 #include <nids.h>
 EOF
@@ -3173,7 +3220,7 @@
 
 
 echo $ac_n "checking for OpenSSL""... $ac_c" 1>&6
-echo "configure:3177: checking for OpenSSL" >&5
+echo "configure:3224: checking for OpenSSL" >&5
 # Check whether --with-openssl or --without-openssl was given.
 if test "${with_openssl+set}" = set; then
   withval="$with_openssl"
--- dsniff-2.4b1/configure.in		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/configure.in.amd64_fix	2005-06-23 04:16:01.000000000 +0000
@@ -57,6 +57,7 @@
 AC_CHECK_LIB(nsl, gethostbyname)
 dnl XXX - feh, everything except OpenBSD sux.
 AC_CHECK_LIB(resolv, dn_expand)
+AC_CHECK_LIB(resolv, __dn_expand)
 AC_REPLACE_FUNCS(dirname strlcpy strlcat strsep)
 needmd5=no
 AC_CHECK_FUNCS(MD5Update, , [needmd5=yes])

dsniff-2.4-arpa_inet_header.patch:

--- NEW FILE dsniff-2.4-arpa_inet_header.patch ---
Patch by Luciano Bello <luciano at linux.org.ar> for dsniff >= 2.4b1, which
adds the missing includes of arpa/inet.

--- dsniff-2.4b1/decode_aim.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_aim.c.inet	2007-06-17 16:26:46.000000000 -0300
@@ -14,6 +14,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <arpa/inet.h>
 
 #include "hex.h"
 #include "buf.h"
--- dsniff-2.4b1/decode_mmxp.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_mmxp.c.inet	2007-06-17 16:26:46.000000000 -0300
@@ -21,6 +21,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <arpa/inet.h>
 
 #include "buf.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_pptp.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_pptp.c.inet	2007-06-17 16:26:46.000000000 -0300
@@ -16,6 +16,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <arpa/inet.h>
 
 #include "buf.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_tds.c		2007-06-17 16:26:46.000000000 -0300
+++ dsniff-2.4b1/decode_tds.c.inet	2007-06-17 16:26:46.000000000 -0300
@@ -19,6 +19,7 @@
 #include <stdio.h>
 #include <string.h>
 #include <strlcat.h>
+#include <arpa/inet.h>
 
 #include "decode.h"
 
--- dsniff-2.4b1/decode_vrrp.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_vrrp.c.inet	2007-06-17 16:26:46.000000000 -0300
@@ -15,6 +15,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <arpa/inet.h>
 
 #include "buf.h"
 #include "decode.h"
--- dsniff-2.4b1/ssh.c			2007-06-17 16:26:46.000000000 -0300
+++ dsniff-2.4b1/ssh.c.inet		2007-06-17 16:26:46.000000000 -0300
@@ -23,6 +23,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <arpa/inet.h>
 #include <unistd.h>
 
 #include "hex.h"

dsniff-2.4-checksum.patch:

--- NEW FILE dsniff-2.4-checksum.patch ---
Patch by iotr Engelking <inkerman42 at gmail.com> for dsniff >= 2.4b1, which
disables the filtering packets with incorrect checksum. And for any further
information, please have a look to Debian bug ID #372536.

--- dsniff-2.4b1/urlsnarf.c		2006-09-21 01:50:01.000000000 +0200
+++ dsniff-2.4b1/urlsnarf.c.checksum	2006-09-21 01:51:13.000000000 +0200
@@ -200,6 +200,7 @@
 	extern char *optarg;
 	extern int optind;
 	int c;
+	struct nids_chksum_ctl chksum_ctl;
 	
 	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
 		switch (c) {
@@ -260,6 +261,12 @@
                 }
         }
 
+        chksum_ctl.netaddr = 0;
+        chksum_ctl.mask = 0;
+        chksum_ctl.action = NIDS_DONT_CHKSUM;
+
+        nids_register_chksum_ctl(&chksum_ctl, 1);
+
 	nids_run();
 	
 	/* NOTREACHED */

dsniff-2.4-checksum_libnids.patch:

--- NEW FILE dsniff-2.4-checksum_libnids.patch ---
Patch by Gleb Paharenko <gpaharenko at gmail.com> for dsniff >= 2.4b1, which
adds checksum for libnids. For further information, please have a look to
Debian bug ID #420129.

--- dsniff-2.4b1/dsniff.c		2007-08-11 01:37:33.000000000 -0300
+++ dsniff-2.4b1/dsniff.c.checksum	2007-08-11 01:38:55.000000000 -0300
@@ -70,6 +70,80 @@
 {
 }
 
+
+static int get_all_ifaces(struct ifreq **, int *);
+static unsigned int get_addr_from_ifreq(struct ifreq *);
+
+int all_local_ipaddrs_chksum_disable()
+{
+	struct ifreq *ifaces;
+	int ifaces_count;
+	int i, ind = 0;
+	struct nids_chksum_ctl *ctlp;
+	unsigned int tmp;
+
+	if (!get_all_ifaces(&ifaces, &ifaces_count))
+		return -1;
+	ctlp =
+	    (struct nids_chksum_ctl *) malloc(ifaces_count *
+					      sizeof(struct
+						     nids_chksum_ctl));
+	if (!ctlp)
+		return -1;
+	for (i = 0; i < ifaces_count; i++) {
+		tmp = get_addr_from_ifreq(ifaces + i);
+		if (tmp) {
+			ctlp[ind].netaddr = tmp;
+			ctlp[ind].mask = inet_addr("255.255.255.255");
+			ctlp[ind].action = NIDS_DONT_CHKSUM;
+			ind++;
+		}
+	}
+	free(ifaces);
+	nids_register_chksum_ctl(ctlp, ind);
+}
+
+/* helper functions for Example 2 */
+unsigned int get_addr_from_ifreq(struct ifreq *iface)
+{
+	if (iface->ifr_addr.sa_family == AF_INET)
+		return ((struct sockaddr_in *) &(iface->ifr_addr))->
+		    sin_addr.s_addr;
+	return 0;
+}
+
+static int get_all_ifaces(struct ifreq **ifaces, int *count)
+{
+	int ifaces_size = 8 * sizeof(struct ifreq);
+	struct ifconf param;
+	int sock;
+	unsigned int i;
+
+	*ifaces = malloc(ifaces_size);
+	sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_IP);
+	if (sock <= 0)
+		return 0;
+	for (;;) {
+		param.ifc_len = ifaces_size;
+		param.ifc_req = *ifaces;
+		if (ioctl(sock, SIOCGIFCONF, &param))
+			goto err;
+		if (param.ifc_len < ifaces_size)
+			break;
+		free(*ifaces);
+		ifaces_size *= 2;
+		ifaces = malloc(ifaces_size);
+	}
+	*count = param.ifc_len / sizeof(struct ifreq);
+	close(sock);
+	return 1;
+      err:
+	close(sock);
+	return 0;
+}
+
+
+
 int
 main(int argc, char *argv[])
 {
@@ -189,6 +263,8 @@
 			warnx("using %s", nids_params.filename);
 		}
 	}
+
+	all_local_ipaddrs_chksum_disable();
 	
 	nids_run();
 	

dsniff-2.4-fedora_dirs.patch:

--- NEW FILE dsniff-2.4-fedora_dirs.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which changes
various paths for the Fedora directory structure.

--- dsniff-2.4b1/Makefile.in		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/Makefile.in.fedora	2005-06-23 04:17:14.000000000 +0000
@@ -11,7 +11,7 @@
 install_prefix  =
 prefix          = @prefix@
 exec_prefix	= @exec_prefix@
-libdir		= @libdir@
+libdir		= @sysconfdir@/dsniff
 sbindir         = @sbindir@
 mandir		= @mandir@
 
@@ -37,8 +37,7 @@
 X11INC	= @X_CFLAGS@
 X11LIB	= @X_LIBS@ @X_PRE_LIBS@ -lXmu -lX11 @X_EXTRA_LIBS@
 
-INCS	= -I. $(NIDSINC) $(PCAPINC) $(LNETINC) $(DBINC) $(SSLINC) $(X11INC) \
-	  -I$(srcdir)/missing
+INCS	= -I. $(X11INC) -I$(srcdir)/missing 
 LIBS	= @LIBS@ -L$(srcdir) -lmissing
 
 INSTALL	= @INSTALL@
--- dsniff-2.4b1/dnsspoof.8		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/dnsspoof.8.fedora	2005-06-23 04:17:37.000000000 +0000
@@ -31,7 +31,7 @@
 address queries on the LAN with an answer of the local machine's IP
 address.
 .SH FILES
-.IP \fI/usr/local/lib/dnsspoof.hosts\fR
+.IP \fI/etc/dsniff/dnsspoof.hosts\fR
 Sample hosts file.
 .SH "SEE ALSO"
 dsniff(8), hosts(5)
--- dsniff-2.4b1/dsniff.8		2005-06-23 04:17:06.000000000 +0000
+++ dsniff-2.4b1/dsniff.8.fedora	2005-06-23 04:18:21.000000000 +0000
@@ -68,9 +68,9 @@
 On a hangup signal \fBdsniff\fR will dump its current trigger table to
 \fIdsniff.services\fR.
 .SH FILES
-.IP \fI/usr/local/lib/dsniff.services\fR
+.IP \fI/etc/dsniff/dsniff.services\fR
 Default trigger table
-.IP \fI/usr/local/lib/dsniff.magic\fR
+.IP \fI/etc/dsniff/dsniff.magic\fR
 Network protocol magic
 .SH "SEE ALSO"
 arpspoof(8), libnids(3), services(5), magic(5)
--- dsniff-2.4b1/pathnames.h		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/pathnames.h.fedora	2005-06-23 04:17:25.000000000 +0000
@@ -12,7 +12,7 @@
 #define PATHNAMES_H
 
 #ifndef DSNIFF_LIBDIR
-#define DSNIFF_LIBDIR		"/usr/local/lib/"
+#define DSNIFF_LIBDIR		"/etc/dsniff/"
 #endif
 
 #define DSNIFF_SERVICES		"dsniff.services"

dsniff-2.4-glib2.patch:

--- NEW FILE dsniff-2.4-glib2.patch ---
Patch by Robert Scheck <robert at fedoraproject.org> for dsniff >= 2.4b1, that
adds some missing linkages to glib2.

--- dsniff-2.4b1/Makefile.in		2007-11-24 13:56:47.000000000 +0100
+++ dsniff-2.4b1/Makefile.in.glib2	2007-11-24 15:40:55.000000000 +0100
@@ -26,7 +26,7 @@
 LNETLIB = @LNETLIB@
 
 NIDSINC	= @NIDSINC@
-NIDSLIB	= @NIDSLIB@
+NIDSLIB	= @NIDSLIB@ -lglib-2.0 -lgthread-2.0 -lpthread
 
 DBINC	= @DBINC@
 DBLIB	= @DBLIB@

dsniff-2.4-libnet_11.patch:

--- NEW FILE dsniff-2.4-libnet_11.patch ---
Patch for dsniff >= 2.4b1, which adds support for libnet >= 1.1 having a
completely rewritten API.

--- dsniff-2.4b1/arpspoof.c		2006-06-09 13:35:29.000000000 +0300
+++ dsniff-2.4b1/arpspoof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -27,7 +27,7 @@
 
 extern char *ether_ntoa(struct ether_addr *);
 
-static struct libnet_link_int *llif;
+static libnet_t *l;
 static struct ether_addr spoof_mac, target_mac;
 static in_addr_t spoof_ip, target_ip;
 static char *intf;
@@ -41,47 +41,49 @@
 }
 
 static int
-arp_send(struct libnet_link_int *llif, char *dev,
-	 int op, u_char *sha, in_addr_t spa, u_char *tha, in_addr_t tpa)
+arp_send(libnet_t *l, int op, u_int8_t *sha,
+	 in_addr_t spa, u_int8_t *tha, in_addr_t tpa)
 {
-	char ebuf[128];
-	u_char pkt[60];
-	
+	int retval;
+
 	if (sha == NULL &&
-	    (sha = (u_char *)libnet_get_hwaddr(llif, dev, ebuf)) == NULL) {
+	    (sha = (u_int8_t *)libnet_get_hwaddr(l)) == NULL) {
 		return (-1);
 	}
 	if (spa == 0) {
-		if ((spa = libnet_get_ipaddr(llif, dev, ebuf)) == 0)
+		if ((spa = libnet_get_ipaddr4(l)) == -1)
 			return (-1);
-		spa = htonl(spa); /* XXX */
 	}
 	if (tha == NULL)
 		tha = "\xff\xff\xff\xff\xff\xff";
 	
-	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, pkt);
+	libnet_autobuild_arp(op, sha, (u_int8_t *)&spa,
+			     tha, (u_int8_t *)&tpa, l);
+	libnet_build_ethernet(tha, sha, ETHERTYPE_ARP, NULL, 0, l, 0);
 	
-	libnet_build_arp(ARPHRD_ETHER, ETHERTYPE_IP, ETHER_ADDR_LEN, 4,
-			 op, sha, (u_char *)&spa, tha, (u_char *)&tpa,
-			 NULL, 0, pkt + ETH_H);
-
 	fprintf(stderr, "%s ",
 		ether_ntoa((struct ether_addr *)sha));
 
 	if (op == ARPOP_REQUEST) {
 		fprintf(stderr, "%s 0806 42: arp who-has %s tell %s\n",
 			ether_ntoa((struct ether_addr *)tha),
-			libnet_host_lookup(tpa, 0),
-			libnet_host_lookup(spa, 0));
+			libnet_addr2name4(tpa, LIBNET_DONT_RESOLVE),
+			libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
 	}
 	else {
 		fprintf(stderr, "%s 0806 42: arp reply %s is-at ",
 			ether_ntoa((struct ether_addr *)tha),
-			libnet_host_lookup(spa, 0));
+			libnet_addr2name4(spa, LIBNET_DONT_RESOLVE));
 		fprintf(stderr, "%s\n",
 			ether_ntoa((struct ether_addr *)sha));
 	}
-	return (libnet_write_link_layer(llif, dev, pkt, sizeof(pkt)) == sizeof(pkt));
+	retval = libnet_write(l);
+	if (retval)
+		fprintf(stderr, "%s", libnet_geterror(l));
+
+	libnet_clear_packet(l);
+
+	return retval;
 }
 
 #ifdef __linux__
@@ -119,7 +121,7 @@
 		/* XXX - force the kernel to arp. feh. */
 		arp_force(ip);
 #else
-		arp_send(llif, intf, ARPOP_REQUEST, NULL, 0, NULL, ip);
+		arp_send(l, ARPOP_REQUEST, NULL, 0, NULL, ip);
 #endif
 		sleep(1);
 	}
@@ -136,9 +138,9 @@
 	if (arp_find(spoof_ip, &spoof_mac)) {
 		for (i = 0; i < 3; i++) {
 			/* XXX - on BSD, requires ETHERSPOOF kernel. */
-			arp_send(llif, intf, ARPOP_REPLY,
-				 (u_char *)&spoof_mac, spoof_ip,
-				 (target_ip ? (u_char *)&target_mac : NULL),
+			arp_send(l, ARPOP_REPLY,
+				 (u_int8_t *)&spoof_mac, spoof_ip,
+				 (target_ip ? (u_int8_t *)&target_mac : NULL),
 				 target_ip);
 			sleep(1);
 		}
@@ -151,7 +153,8 @@
 {
 	extern char *optarg;
 	extern int optind;
-	char ebuf[PCAP_ERRBUF_SIZE];
+	char pcap_ebuf[PCAP_ERRBUF_SIZE];
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 	int c;
 	
 	intf = NULL;
@@ -163,7 +166,7 @@
 			intf = optarg;
 			break;
 		case 't':
-			if ((target_ip = libnet_name_resolve(optarg, 1)) == -1)
+			if ((target_ip = libnet_name2addr4(l, optarg, LIBNET_RESOLVE)) == -1)
 				usage();
 			break;
 		default:
@@ -176,26 +179,26 @@
 	if (argc != 1)
 		usage();
 	
-	if ((spoof_ip = libnet_name_resolve(argv[0], 1)) == -1)
+	if ((spoof_ip = libnet_name2addr4(l, argv[0], LIBNET_RESOLVE)) == -1)
 		usage();
 	
-	if (intf == NULL && (intf = pcap_lookupdev(ebuf)) == NULL)
-		errx(1, "%s", ebuf);
+	if (intf == NULL && (intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+		errx(1, "%s", pcap_ebuf);
 	
-	if ((llif = libnet_open_link_interface(intf, ebuf)) == 0)
-		errx(1, "%s", ebuf);
+	if ((l = libnet_init(LIBNET_LINK, intf, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
 	
 	if (target_ip != 0 && !arp_find(target_ip, &target_mac))
 		errx(1, "couldn't arp for host %s",
-		     libnet_host_lookup(target_ip, 0));
+		     libnet_addr2name4(target_ip, LIBNET_DONT_RESOLVE));
 	
 	signal(SIGHUP, cleanup);
 	signal(SIGINT, cleanup);
 	signal(SIGTERM, cleanup);
 	
 	for (;;) {
-		arp_send(llif, intf, ARPOP_REPLY, NULL, spoof_ip,
-			 (target_ip ? (u_char *)&target_mac : NULL),
+		arp_send(l, ARPOP_REPLY, NULL, spoof_ip,
+			 (target_ip ? (u_int8_t *)&target_mac : NULL),
 			 target_ip);
 		sleep(2);
 	}
--- dsniff-2.4b1/dnsspoof.c		2001-03-15 10:33:03.000000000 +0200
+++ dsniff-2.4b1/dnsspoof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -38,7 +38,7 @@
 
 pcap_t		*pcap_pd = NULL;
 int		 pcap_off = -1;
-int		 lnet_sock = -1;
+libnet_t	*l;
 u_long		 lnet_ip = -1;
 
 static void
@@ -90,19 +90,18 @@
 dns_init(char *dev, char *filename)
 {
 	FILE *f;
-	struct libnet_link_int *llif;
+	libnet_t *l;
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 	struct dnsent *de;
 	char *ip, *name, buf[1024];
 
-	if ((llif = libnet_open_link_interface(dev, buf)) == NULL)
-		errx(1, "%s", buf);
+	if ((l = libnet_init(LIBNET_LINK, dev, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
 	
-	if ((lnet_ip = libnet_get_ipaddr(llif, dev, buf)) == -1)
-		errx(1, "%s", buf);
+	if ((lnet_ip = libnet_get_ipaddr4(l)) == -1)
+		errx(1, "%s", libnet_geterror(l));
 
-	lnet_ip = htonl(lnet_ip);
-	
-	libnet_close_link_interface(llif);
+	libnet_destroy(l);
 
 	SLIST_INIT(&dns_entries);
 	
@@ -180,7 +179,7 @@
 static void
 dns_spoof(u_char *u, const struct pcap_pkthdr *pkthdr, const u_char *pkt)
 {
-	struct libnet_ip_hdr *ip;
+	struct libnet_ipv4_hdr *ip;
 	struct libnet_udp_hdr *udp;
 	HEADER *dns;
 	char name[MAXHOSTNAMELEN];
@@ -189,7 +188,7 @@
 	in_addr_t dst;
 	u_short type, class;
 
-	ip = (struct libnet_ip_hdr *)(pkt + pcap_off);
+	ip = (struct libnet_ipv4_hdr *)(pkt + pcap_off);
 	udp = (struct libnet_udp_hdr *)(pkt + pcap_off + (ip->ip_hl * 4));
 	dns = (HEADER *)(udp + 1);
 	p = (u_char *)(dns + 1);
@@ -212,7 +211,7 @@
 	if (class != C_IN)
 		return;
 
-	p = buf + IP_H + UDP_H + dnslen;
+	p = buf + dnslen;
 	
 	if (type == T_A) {
 		if ((dst = dns_lookup_a(name)) == -1)
@@ -234,38 +233,38 @@
 		anslen += 12;
 	}
 	else return;
-	
-	libnet_build_ip(UDP_H + dnslen + anslen, 0, libnet_get_prand(PRu16),
-			0, 64, IPPROTO_UDP, ip->ip_dst.s_addr,
-			ip->ip_src.s_addr, NULL, 0, buf);
-	
-	libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
-			 NULL, dnslen + anslen, buf + IP_H);
 
-	memcpy(buf + IP_H + UDP_H, (u_char *)dns, dnslen);
+	memcpy(buf, (u_char *)dns, dnslen);
 
-	dns = (HEADER *)(buf + IP_H + UDP_H);
+	dns = (HEADER *)buf;
 	dns->qr = dns->ra = 1;
 	if (type == T_PTR) dns->aa = 1;
 	dns->ancount = htons(1);
 
 	dnslen += anslen;
+
+	libnet_clear_packet(l);
+	libnet_build_udp(ntohs(udp->uh_dport), ntohs(udp->uh_sport),
+			 LIBNET_UDP_H + dnslen, 0,
+			 (u_int8_t *)buf, dnslen, l, 0);
+
+	libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_UDP_H + dnslen, 0,
+			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_UDP, 0,
+			  ip->ip_dst.s_addr, ip->ip_src.s_addr, NULL, 0, l, 0);
 	
-	libnet_do_checksum(buf, IPPROTO_UDP, UDP_H + dnslen);
-	
-	if (libnet_write_ip(lnet_sock, buf, IP_H + UDP_H + dnslen) < 0)
+	if (libnet_write(l) < 0)
 		warn("write");
 
 	fprintf(stderr, "%s.%d > %s.%d:  %d+ %s? %s\n",
-	      libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
-	      libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
+	      libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(udp->uh_sport),
+	      libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(udp->uh_dport),
 	      ntohs(dns->id), type == T_A ? "A" : "PTR", name);
 }
 
 static void
 cleanup(int sig)
 {
-	libnet_close_raw_sock(lnet_sock);
+	libnet_destroy(l);
 	pcap_close(pcap_pd);
 	exit(0);
 }
@@ -276,6 +275,7 @@
 	extern char *optarg;
 	extern int optind;
 	char *p, *dev, *hosts, buf[1024];
+	char ebuf[LIBNET_ERRBUF_SIZE];
 	int i;
 
 	dev = hosts = NULL;
@@ -306,7 +306,7 @@
 		strlcpy(buf, p, sizeof(buf));
 	}
 	else snprintf(buf, sizeof(buf), "udp dst port 53 and not src %s",
-		      libnet_host_lookup(lnet_ip, 0));
+		      libnet_addr2name4(lnet_ip, LIBNET_DONT_RESOLVE));
 	
 	if ((pcap_pd = pcap_init(dev, buf, 128)) == NULL)
 		errx(1, "couldn't initialize sniffing");
@@ -314,10 +314,10 @@
 	if ((pcap_off = pcap_dloff(pcap_pd)) < 0)
 		errx(1, "couldn't determine link layer offset");
 	
-	if ((lnet_sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+	if ((l = libnet_init(LIBNET_RAW4, dev, ebuf)) == NULL)
 		errx(1, "couldn't initialize sending");
 	
-	libnet_seed_prand();
+	libnet_seed_prand(l);
 	
 	signal(SIGHUP, cleanup);
 	signal(SIGINT, cleanup);
--- dsniff-2.4b1/filesnarf.c		2006-06-09 13:35:29.000000000 +0300
+++ dsniff-2.4b1/filesnarf.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -134,8 +134,8 @@
 	int fd;
 
 	warnx("%s.%d > %s.%d: %s (%d@%d)",
-	      libnet_host_lookup(addr->daddr, 0), addr->dest,
-	      libnet_host_lookup(addr->saddr, 0), addr->source,
+	      libnet_addr2name4(addr->daddr, LIBNET_DONT_RESOLVE), addr->dest,
+	      libnet_addr2name4(addr->saddr, LIBNET_DONT_RESOLVE), addr->source,
 	      ma->filename, len, ma->offset);
 	
 	if ((fd = open(ma->filename, O_WRONLY|O_CREAT, 0644)) >= 0) {
@@ -353,7 +353,7 @@
 }
 
 static void
-decode_udp_nfs(struct libnet_ip_hdr *ip)
+decode_udp_nfs(struct libnet_ipv4_hdr *ip)
 {
 	static struct tuple4 addr;
 	struct libnet_udp_hdr *udp;
--- dsniff-2.4b1/macof.c		2001-03-15 10:33:04.000000000 +0200
+++ dsniff-2.4b1/macof.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -48,8 +48,8 @@
 static void
 gen_mac(u_char *mac)
 {
-	*((in_addr_t *)mac) = libnet_get_prand(PRu32);
-	*((u_short *)(mac + 4)) = libnet_get_prand(PRu16);
+	*((in_addr_t *)mac) = libnet_get_prand(LIBNET_PRu32);
+	*((u_short *)(mac + 4)) = libnet_get_prand(LIBNET_PRu16);
 }
 
 int
@@ -59,22 +59,23 @@
 	extern int optind;
 	int c, i;
 	struct libnet_link_int *llif;
-	char ebuf[PCAP_ERRBUF_SIZE];
+	char pcap_ebuf[PCAP_ERRBUF_SIZE];
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
 	u_char sha[ETHER_ADDR_LEN], tha[ETHER_ADDR_LEN];
 	in_addr_t src, dst;
 	u_short sport, dport;
 	u_int32_t seq;
-	u_char pkt[ETH_H + IP_H + TCP_H];
+	libnet_t *l;
 	
 	while ((c = getopt(argc, argv, "vs:d:e:x:y:i:n:h?V")) != -1) {
 		switch (c) {
 		case 'v':
 			break;
 		case 's':
-			Src = libnet_name_resolve(optarg, 0);
+			Src = libnet_name2addr4(l, optarg, 0);
 			break;
 		case 'd':
-			Dst = libnet_name_resolve(optarg, 0);
+			Dst = libnet_name2addr4(l, optarg, 0);
 			break;
 		case 'e':
 			Tha = (u_char *)ether_aton(optarg);
@@ -101,13 +102,13 @@
 	if (argc != 0)
 		usage();
 	
-	if (!Intf && (Intf = pcap_lookupdev(ebuf)) == NULL)
-		errx(1, "%s", ebuf);
+	if (!Intf && (Intf = pcap_lookupdev(pcap_ebuf)) == NULL)
+		errx(1, "%s", pcap_ebuf);
 	
-	if ((llif = libnet_open_link_interface(Intf, ebuf)) == 0)
-		errx(1, "%s", ebuf);
+	if ((l = libnet_init(LIBNET_LINK, Intf, libnet_ebuf)) == NULL)
+		errx(1, "%s", libnet_ebuf);
 	
-	libnet_seed_prand();
+	libnet_seed_prand(l);
 	
 	for (i = 0; i != Repeat; i++) {
 		
@@ -117,39 +118,39 @@
 		else memcpy(tha, Tha, sizeof(tha));
 		
 		if (Src != 0) src = Src;
-		else src = libnet_get_prand(PRu32);
+		else src = libnet_get_prand(LIBNET_PRu32);
 		
 		if (Dst != 0) dst = Dst;
-		else dst = libnet_get_prand(PRu32);
+		else dst = libnet_get_prand(LIBNET_PRu32);
 		
 		if (Sport != 0) sport = Sport;
-		else sport = libnet_get_prand(PRu16);
+		else sport = libnet_get_prand(LIBNET_PRu16);
 		
 		if (Dport != 0) dport = Dport;
-		else dport = libnet_get_prand(PRu16);
+		else dport = libnet_get_prand(LIBNET_PRu16);
 
-		seq = libnet_get_prand(PRu32);
-		
-		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, pkt);
-		
-		libnet_build_ip(TCP_H, 0, libnet_get_prand(PRu16), 0, 64,
-				IPPROTO_TCP, src, dst, NULL, 0, pkt + ETH_H);
+		seq = libnet_get_prand(LIBNET_PRu32);
 		
 		libnet_build_tcp(sport, dport, seq, 0, TH_SYN, 512,
-				 0, NULL, 0, pkt + ETH_H + IP_H);
+				 0, 0, LIBNET_TCP_H, NULL, 0, l, 0);
 		
-		libnet_do_checksum(pkt + ETH_H, IPPROTO_IP, IP_H);
-		libnet_do_checksum(pkt + ETH_H, IPPROTO_TCP, TCP_H);
+		libnet_build_ipv4(LIBNET_TCP_H, 0,
+				  libnet_get_prand(LIBNET_PRu16), 0, 64,
+				  IPPROTO_TCP, 0, src, dst, NULL, 0, l, 0);
 		
-		if (libnet_write_link_layer(llif, Intf, pkt, sizeof(pkt)) < 0)
+		libnet_build_ethernet(tha, sha, ETHERTYPE_IP, NULL, 0, l, 0);
+		
+		if (libnet_write(l) < 0)
 			errx(1, "write");
 
+		libnet_clear_packet(l);
+
 		fprintf(stderr, "%s ",
 			ether_ntoa((struct ether_addr *)sha));
 		fprintf(stderr, "%s %s.%d > %s.%d: S %u:%u(0) win 512\n",
 			ether_ntoa((struct ether_addr *)tha),
-			libnet_host_lookup(Src, 0), sport,
-			libnet_host_lookup(Dst, 0), dport, seq, seq);
+			libnet_addr2name4(Src, 0), sport,
+			libnet_addr2name4(Dst, 0), dport, seq, seq);
 	}
 	exit(0);
 }
--- dsniff-2.4b1/record.c		2001-03-15 10:33:04.000000000 +0200
+++ dsniff-2.4b1/record.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -65,8 +65,8 @@
 	tm = localtime(&rec->time);
 	strftime(tstr, sizeof(tstr), "%x %X", tm);
 	
-	srcp = libnet_host_lookup(rec->src, Opt_dns);
-	dstp = libnet_host_lookup(rec->dst, Opt_dns);
+	srcp = libnet_addr2name4(rec->src, Opt_dns);
+	dstp = libnet_addr2name4(rec->dst, Opt_dns);
 
 	if ((pr = getprotobynumber(rec->proto)) == NULL)
 		protop = "unknown";
--- dsniff-2.4b1/sshmitm.c		2001-03-15 10:33:04.000000000 +0200
+++ dsniff-2.4b1/sshmitm.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -389,7 +389,7 @@
 	if (argc < 1)
 		usage();
 	
-	if ((ip = libnet_name_resolve(argv[0], 1)) == -1)
+	if ((ip = libnet_name2addr4(NULL, argv[0], LIBNET_RESOLVE)) == -1)
 		usage();
 
 	if (argc == 2 && (rport = atoi(argv[1])) == 0)
--- dsniff-2.4b1/tcpkill.c		2001-03-17 10:10:43.000000000 +0200
+++ dsniff-2.4b1/tcpkill.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -39,17 +39,18 @@
 static void
 tcp_kill_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
 {
-	struct libnet_ip_hdr *ip;
+	struct libnet_ipv4_hdr *ip;
 	struct libnet_tcp_hdr *tcp;
-	u_char ctext[64], buf[IP_H + TCP_H];
+	u_char ctext[64];
 	u_int32_t seq, win;
-	int i, *sock, len;
+	int i, len;
+	libnet_t *l;
 
-	sock = (int *)user;
+	l = (libnet_t *)user;
 	pkt += pcap_off;
 	len = pcap->caplen - pcap_off;
 
-	ip = (struct libnet_ip_hdr *)pkt;
+	ip = (struct libnet_ipv4_hdr *)pkt;
 	if (ip->ip_p != IPPROTO_TCP)
 		return;
 	
@@ -57,34 +58,31 @@
 	if (tcp->th_flags & (TH_SYN|TH_FIN|TH_RST))
 		return;
 
-	libnet_build_ip(TCP_H, 0, 0, 0, 64, IPPROTO_TCP,
-			ip->ip_dst.s_addr, ip->ip_src.s_addr,
-			NULL, 0, buf);
-
-	libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
-			 0, 0, TH_RST, 0, 0, NULL, 0, buf + IP_H);
-	
 	seq = ntohl(tcp->th_ack);
 	win = ntohs(tcp->th_win);
 	
 	snprintf(ctext, sizeof(ctext), "%s:%d > %s:%d:",
-		 libnet_host_lookup(ip->ip_src.s_addr, 0),
+		 libnet_addr2name4(ip->ip_src.s_addr, LIBNET_DONT_RESOLVE),
 		 ntohs(tcp->th_sport),
-		 libnet_host_lookup(ip->ip_dst.s_addr, 0),
+		 libnet_addr2name4(ip->ip_dst.s_addr, LIBNET_DONT_RESOLVE),
 		 ntohs(tcp->th_dport));
 	
-	ip = (struct libnet_ip_hdr *)buf;
-	tcp = (struct libnet_tcp_hdr *)(ip + 1);
-	
 	for (i = 0; i < Opt_severity; i++) {
-		ip->ip_id = libnet_get_prand(PRu16);
 		seq += (i * win);
-		tcp->th_seq = htonl(seq);
 		
-		libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
+		libnet_clear_packet(l);
 		
-		if (libnet_write_ip(*sock, buf, sizeof(buf)) < 0)
-			warn("write_ip");
+		libnet_build_tcp(ntohs(tcp->th_dport), ntohs(tcp->th_sport),
+				 seq, 0, TH_RST, 0, 0, 0, LIBNET_TCP_H, 
+				 NULL, 0, l, 0);
+		
+		libnet_build_ipv4(LIBNET_IPV4_H + LIBNET_TCP_H, 0,
+				  libnet_get_prand(LIBNET_PRu16), 0, 64,
+				  IPPROTO_TCP, 0, ip->ip_dst.s_addr,
+				  ip->ip_src.s_addr, NULL, 0, l, 0);
+		
+		if (libnet_write(l) < 0)
+			warn("write");
 		
 		fprintf(stderr, "%s R %lu:%lu(0) win 0\n", ctext, seq, seq);
 	}
@@ -95,8 +93,10 @@
 {
 	extern char *optarg;
 	extern int optind;
-	int c, sock;
+	int c;
 	char *p, *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+	libnet_t *l;
 	pcap_t *pd;
 	
 	intf = NULL;
@@ -136,14 +136,14 @@
 	if ((pcap_off = pcap_dloff(pd)) < 0)
 		errx(1, "couldn't determine link layer offset");
 	
-	if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+	if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
 		errx(1, "couldn't initialize sending");
 	
-	libnet_seed_prand();
+	libnet_seed_prand(l);
 	
 	warnx("listening on %s [%s]", intf, filter);
 	
-	pcap_loop(pd, -1, tcp_kill_cb, (u_char *)&sock);
+	pcap_loop(pd, -1, tcp_kill_cb, (u_char *)l);
   
 	/* NOTREACHED */
 	
--- dsniff-2.4b1/tcpnice.c		2001-03-17 09:41:51.000000000 +0200
+++ dsniff-2.4b1/tcpnice.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -41,107 +41,106 @@
 }
 
 static void
-send_tcp_window_advertisement(int sock, struct libnet_ip_hdr *ip,
+send_tcp_window_advertisement(libnet_t *l, struct libnet_ipv4_hdr *ip,
 			     struct libnet_tcp_hdr *tcp)
 {
 	int len;
 	
 	ip->ip_hl = 5;
-	ip->ip_len = htons(IP_H + TCP_H);
-	ip->ip_id = libnet_get_prand(PRu16);
-	memcpy(buf, (u_char *)ip, IP_H);
+	ip->ip_len = htons(LIBNET_IPV4_H + LIBNET_TCP_H);
+	ip->ip_id = libnet_get_prand(LIBNET_PRu16);
+	memcpy(buf, (u_char *)ip, LIBNET_IPV4_H);
 	
 	tcp->th_off = 5;
 	tcp->th_win = htons(MIN_WIN);
-	memcpy(buf + IP_H, (u_char *)tcp, TCP_H);
+	memcpy(buf + LIBNET_IPV4_H, (u_char *)tcp, LIBNET_TCP_H);
 	
-	libnet_do_checksum(buf, IPPROTO_TCP, TCP_H);
+	libnet_do_checksum(l, buf, IPPROTO_TCP, LIBNET_TCP_H);
 	
-	len = IP_H + TCP_H;
+	len = LIBNET_IPV4_H + LIBNET_TCP_H;
 	
-	if (libnet_write_ip(sock, buf, len) != len)
+	if (libnet_write_raw_ipv4(l, buf, len) != len)
 		warn("write");
 	
 	fprintf(stderr, "%s:%d > %s:%d: . ack %lu win %d\n",
-		libnet_host_lookup(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
-		libnet_host_lookup(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
+		libnet_addr2name4(ip->ip_src.s_addr, 0), ntohs(tcp->th_sport),
+		libnet_addr2name4(ip->ip_dst.s_addr, 0), ntohs(tcp->th_dport),
 		ntohl(tcp->th_ack), 1);
 }
 
 static void
-send_icmp_source_quench(int sock, struct libnet_ip_hdr *ip)
+send_icmp_source_quench(libnet_t *l, struct libnet_ipv4_hdr *ip)
 {
-	struct libnet_icmp_hdr *icmp;
+	struct libnet_icmpv4_hdr *icmp;
 	int len;
 	
 	len = (ip->ip_hl * 4) + 8;
 
-	libnet_build_ip(ICMP_ECHO_H + len, 0, libnet_get_prand(PRu16),
-			0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
-			ip->ip_src.s_addr, NULL, 0, buf);
-	
-	icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
+	icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
 	icmp->icmp_type = ICMP_SOURCEQUENCH;
 	icmp->icmp_code = 0;
-	memcpy((u_char *)icmp + ICMP_ECHO_H, (u_char *)ip, len);
+	memcpy((u_char *)icmp + LIBNET_ICMPV4_ECHO_H, (u_char *)ip, len);
 	
-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_ECHO_H + len);
+	len += LIBNET_ICMPV4_ECHO_H;
 	
-	len += (IP_H + ICMP_ECHO_H);
+	libnet_build_ipv4(LIBNET_IPV4_H + len, 0,
+			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
+			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
+			  (u_int8_t *) icmp, len, l, 0);
 	
-	if (libnet_write_ip(sock, buf, len) != len)
+	if (libnet_write(l) != len)
 		warn("write");
 	
 	fprintf(stderr, "%s > %s: icmp: source quench\n",
-		libnet_host_lookup(ip->ip_dst.s_addr, 0),
-		libnet_host_lookup(ip->ip_src.s_addr, 0));
+		libnet_addr2name4(ip->ip_dst.s_addr, 0),
+		libnet_addr2name4(ip->ip_src.s_addr, 0));
 }
 
 static void
-send_icmp_frag_needed(int sock, struct libnet_ip_hdr *ip)
+send_icmp_frag_needed(libnet_t *l, struct libnet_ipv4_hdr *ip)
 {
-	struct libnet_icmp_hdr *icmp;
+	struct libnet_icmpv4_hdr *icmp;
 	int len;
 
 	len = (ip->ip_hl * 4) + 8;
 	
-	libnet_build_ip(ICMP_MASK_H + len, 4, libnet_get_prand(PRu16),
-			0, 64, IPPROTO_ICMP, ip->ip_dst.s_addr,
-			ip->ip_src.s_addr, NULL, 0, buf);
-
-	icmp = (struct libnet_icmp_hdr *)(buf + IP_H);
+	icmp = (struct libnet_icmpv4_hdr *)(buf + LIBNET_IPV4_H);
 	icmp->icmp_type = ICMP_UNREACH;
 	icmp->icmp_code = ICMP_UNREACH_NEEDFRAG;
 	icmp->hun.frag.pad = 0;
 	icmp->hun.frag.mtu = htons(MIN_MTU);
-	memcpy((u_char *)icmp + ICMP_MASK_H, (u_char *)ip, len);
+	memcpy((u_char *)icmp + LIBNET_ICMPV4_MASK_H, (u_char *)ip, len);
 
-	libnet_do_checksum(buf, IPPROTO_ICMP, ICMP_MASK_H + len);
-	
-	len += (IP_H + ICMP_MASK_H);
+	len += LIBNET_ICMPV4_MASK_H;
+
+	libnet_build_ipv4(LIBNET_IPV4_H + len, 4,
+			  libnet_get_prand(LIBNET_PRu16), 0, 64, IPPROTO_ICMP,
+			  0, ip->ip_dst.s_addr, ip->ip_src.s_addr,
+			  (u_int8_t *) icmp, len, l, 0);
 	
-	if (libnet_write_ip(sock, buf, len) != len)
+	if (libnet_write(l) != len)
 		warn("write");
 	
 	fprintf(stderr, "%s > %s: icmp: ",
-		libnet_host_lookup(ip->ip_dst.s_addr, 0),
-		libnet_host_lookup(ip->ip_src.s_addr, 0));
+		libnet_addr2name4(ip->ip_dst.s_addr, 0),
+		libnet_addr2name4(ip->ip_src.s_addr, 0));
 	fprintf(stderr, "%s unreachable - need to frag (mtu %d)\n",
-		libnet_host_lookup(ip->ip_src.s_addr, 0), MIN_MTU);
+		libnet_addr2name4(ip->ip_src.s_addr, 0), MIN_MTU);
 }
 
 static void
 tcp_nice_cb(u_char *user, const struct pcap_pkthdr *pcap, const u_char *pkt)
 {
-	struct libnet_ip_hdr *ip;
+	struct libnet_ipv4_hdr *ip;
 	struct libnet_tcp_hdr *tcp;
-	int *sock, len;
+	int len;
+	libnet_t *l;
 
-	sock = (int *)user;
+	l = (libnet_t *)user;
 	pkt += pcap_off;
 	len = pcap->caplen - pcap_off;
 
-	ip = (struct libnet_ip_hdr *)pkt;
+	ip = (struct libnet_ipv4_hdr *)pkt;
 	if (ip->ip_p != IPPROTO_TCP)
 		return;
 	
@@ -151,11 +150,11 @@
 	
 	if (ntohs(ip->ip_len) > (ip->ip_hl << 2) + (tcp->th_off << 2)) {
 		if (Opt_icmp)
-			send_icmp_source_quench(*sock, ip);
+			send_icmp_source_quench(l, ip);
 		if (Opt_win)
-			send_tcp_window_advertisement(*sock, ip, tcp);
+			send_tcp_window_advertisement(l, ip, tcp);
 		if (Opt_pmtu)
-			send_icmp_frag_needed(*sock, ip);
+			send_icmp_frag_needed(l, ip);
 	}
 }
 
@@ -164,8 +163,10 @@
 {
 	extern char *optarg;
 	extern int optind;
-	int c, sock;
+	int c;
 	char *intf, *filter, ebuf[PCAP_ERRBUF_SIZE];
+	char libnet_ebuf[LIBNET_ERRBUF_SIZE];
+	libnet_t *l;
 	pcap_t *pd;
 	
 	intf = NULL;
@@ -209,14 +210,14 @@
 	if ((pcap_off = pcap_dloff(pd)) < 0)
 		errx(1, "couldn't determine link layer offset");
 	
-	if ((sock = libnet_open_raw_sock(IPPROTO_RAW)) == -1)
+	if ((l = libnet_init(LIBNET_RAW4, intf, libnet_ebuf)) == NULL)
 		errx(1, "couldn't initialize sending");
 	
-	libnet_seed_prand();
+	libnet_seed_prand(l);
 	
 	warnx("listening on %s [%s]", intf, filter);
 	
-	pcap_loop(pd, -1, tcp_nice_cb, (u_char *)&sock);
+	pcap_loop(pd, -1, tcp_nice_cb, (u_char *)l);
 	
 	/* NOTREACHED */
 	
--- dsniff-2.4b1/tcp_raw.c		2001-03-15 10:33:04.000000000 +0200
+++ dsniff-2.4b1/tcp_raw.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -119,7 +119,7 @@
 }
 
 struct iovec *
-tcp_raw_input(struct libnet_ip_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
+tcp_raw_input(struct libnet_ipv4_hdr *ip, struct libnet_tcp_hdr *tcp, int len)
 {
 	struct tha tha;
 	struct tcp_conn *conn;
@@ -131,7 +131,7 @@
 
 	/* Verify TCP checksum. */
 	cksum = tcp->th_sum;
-	libnet_do_checksum((u_char *) ip, IPPROTO_TCP, len);
+	libnet_do_checksum(NULL, (u_char *) ip, IPPROTO_TCP, len);
 
 	if (cksum != tcp->th_sum)
 		return (NULL);
--- dsniff-2.4b1/tcp_raw.h		2001-03-15 10:33:06.000000000 +0200
+++ dsniff-2.4b1/tcp_raw.h.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -15,7 +15,7 @@
 				   u_short sport, u_short dport,
 				   u_char *buf, int len);
 
-struct iovec   *tcp_raw_input(struct libnet_ip_hdr *ip,
+struct iovec   *tcp_raw_input(struct libnet_ipv4_hdr *ip,
 			      struct libnet_tcp_hdr *tcp, int len);
 
 void		tcp_raw_timeout(int timeout, tcp_raw_callback_t callback);
--- dsniff-2.4b1/trigger.c		2001-03-15 10:33:05.000000000 +0200
+++ dsniff-2.4b1/trigger.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -276,7 +276,7 @@
 }
 	
 void
-trigger_ip(struct libnet_ip_hdr *ip)
+trigger_ip(struct libnet_ipv4_hdr *ip)
 {
 	struct trigger *t, tr;
 	u_char *buf;
@@ -305,7 +305,7 @@
 
 /* libnids needs a nids_register_udp()... */
 void
-trigger_udp(struct libnet_ip_hdr *ip)
+trigger_udp(struct libnet_ipv4_hdr *ip)
 {
 	struct trigger *t, tr;
 	struct libnet_udp_hdr *udp;
@@ -437,7 +437,7 @@
 }
 
 void
-trigger_tcp_raw(struct libnet_ip_hdr *ip)
+trigger_tcp_raw(struct libnet_ipv4_hdr *ip)
 {
 	struct trigger *t, tr;
 	struct libnet_tcp_hdr *tcp;
--- dsniff-2.4b1/trigger.h		2001-03-15 10:33:06.000000000 +0200
+++ dsniff-2.4b1/trigger.h.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -24,10 +24,10 @@
 int	trigger_set_tcp(int port, char *name);
 int	trigger_set_rpc(int program, char *name);
 
-void	trigger_ip(struct libnet_ip_hdr *ip);
-void	trigger_udp(struct libnet_ip_hdr *ip);
+void	trigger_ip(struct libnet_ipv4_hdr *ip);
+void	trigger_udp(struct libnet_ipv4_hdr *ip);
 void	trigger_tcp(struct tcp_stream *ts, void **conn_save);
-void	trigger_tcp_raw(struct libnet_ip_hdr *ip);
+void	trigger_tcp_raw(struct libnet_ipv4_hdr *ip);
 void	trigger_tcp_raw_timeout(int signal);
 void	trigger_rpc(int program, int proto, int port);
 
--- dsniff-2.4b1/urlsnarf.c		2006-06-09 13:35:29.000000000 +0300
+++ dsniff-2.4b1/urlsnarf.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -145,14 +145,14 @@
 		if (user == NULL)
 			user = "-";
 		if (vhost == NULL)
-			vhost = libnet_host_lookup(addr->daddr, Opt_dns);
+			vhost = libnet_addr2name4(addr->daddr, Opt_dns);
 		if (referer == NULL)
 			referer = "-";
 		if (agent == NULL)
 			agent = "-";
 		
 		printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
-		       libnet_host_lookup(addr->saddr, Opt_dns),
+		       libnet_addr2name4(addr->saddr, Opt_dns),
 		       user, timestamp(), req, vhost, uri, referer, agent);
 	}
 	fflush(stdout);
--- dsniff-2.4b1/webmitm.c		2001-03-17 10:35:05.000000000 +0200
+++ dsniff-2.4b1/webmitm.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -242,7 +242,7 @@
 			word = buf_tok(&msg, "/", 1);
 			vhost = buf_strdup(word);
 		}
-		ssin.sin_addr.s_addr = libnet_name_resolve(vhost, 1);
+		ssin.sin_addr.s_addr = libnet_name2addr4(NULL, vhost, 1);
 		free(vhost);
 		
 		if (ssin.sin_addr.s_addr == ntohl(INADDR_LOOPBACK) ||
@@ -510,7 +510,7 @@
 	argv += optind;
 
 	if (argc == 1) {
-		if ((static_host = libnet_name_resolve(argv[0], 1)) == -1)
+		if ((static_host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
 			usage();
 	}
 	else if (argc != 0) usage();
--- dsniff-2.4b1/webspy.c		2006-06-09 13:35:29.000000000 +0300
+++ dsniff-2.4b1/webspy.c.libnet_11	2006-06-09 13:35:29.000000000 +0300
@@ -126,7 +126,7 @@
 		if (auth == NULL)
 			auth = "";
 		if (vhost == NULL)
-			vhost = libnet_host_lookup(addr->daddr, 0);
+			vhost = libnet_addr2name4(addr->daddr, 0);
 		
 		snprintf(cmd, sizeof(cmd), "openURL(http://%s%s%s%s)",
 			 auth, *auth ? "@" : "", vhost, uri);
@@ -205,7 +205,7 @@
 	cmdtab[0] = cmd;
 	cmdtab[1] = NULL;
 	
-	if ((host = libnet_name_resolve(argv[0], 1)) == -1)
+	if ((host = libnet_name2addr4(NULL, argv[0], 1)) == -1)
 		errx(1, "unknown host");
 	
 	if ((dpy = XOpenDisplay(NULL)) == NULL)

dsniff-2.4-mailsnarf_corrupt.patch:

--- NEW FILE dsniff-2.4-mailsnarf_corrupt.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which fixes a
bug in mailsnarf that caused not to parse every mail correctly. For further
information, please have a look to Debian bug ID #149330.

--- dsniff-2.4b1/mailsnarf.c		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/mailsnarf.c.mailsnarf	2005-06-23 04:05:16.000000000 +0000
@@ -178,7 +178,7 @@
 	if (smtp->state != SMTP_DATA) {
 		while ((i = buf_index(&buf, "\r\n", 2)) >= 0) {
 			line = buf_tok(&buf, NULL, i + 2);
-			line->base[line->end] = '\0';
+			line->base[line->end-1] = '\0';
 			p = buf_ptr(line);
 			
 			if (strncasecmp(p, "RSET", 4) == 0) {

dsniff-2.4-multiple_intf.patch:

--- NEW FILE dsniff-2.4-multiple_intf.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which adds a fix
to work with multiple interfaces. For further information, please have a
look to Debian bug ID #242369.

--- dsniff-2.4b1/arp.c			2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/arp.c.multiple_intf	2005-06-23 04:09:05.000000000 +0000
@@ -39,7 +39,7 @@
 
 #ifdef BSD
 int
-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
+arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf)
 {
 	int mib[6];
 	size_t len;
@@ -91,7 +91,7 @@
 #endif
 
 int
-arp_cache_lookup(in_addr_t ip, struct ether_addr *ether)
+arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* lif)
 {
 	int sock;
 	struct arpreq ar;
@@ -99,7 +99,7 @@
 	
 	memset((char *)&ar, 0, sizeof(ar));
 #ifdef __linux__
-	strncpy(ar.arp_dev, "eth0", sizeof(ar.arp_dev));   /* XXX - *sigh* */
+	strncpy(ar.arp_dev, lif, strlen(lif));
 #endif
 	sin = (struct sockaddr_in *)&ar.arp_pa;
 	sin->sin_family = AF_INET;
--- dsniff-2.4b1/arp.h			2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/arp.h.multiple_intf	2005-06-23 04:09:07.000000000 +0000
@@ -11,6 +11,6 @@
 #ifndef _ARP_H_
 #define _ARP_H_
 
-int	arp_cache_lookup(in_addr_t ip, struct ether_addr *ether);
+int	arp_cache_lookup(in_addr_t ip, struct ether_addr *ether, const char* linf);
 
 #endif /* _ARP_H_ */
--- dsniff-2.4b1/arpspoof.c		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/arpspoof.c.mltpl_intf	2005-06-23 04:08:41.000000000 +0000
@@ -113,7 +113,7 @@
 	int i = 0;
 
 	do {
-		if (arp_cache_lookup(ip, mac) == 0)
+		if (arp_cache_lookup(ip, mac, intf) == 0)
 			return (1);
 #ifdef __linux__
 		/* XXX - force the kernel to arp. feh. */

dsniff-2.4-obsolete_time.patch:

--- NEW FILE dsniff-2.4-obsolete_time.patch ---
Patch by Luciano Bello <luciano at linux.org.ar> for dsniff >= 2.4b1, which
changes according to /usr/include/time.h, CLK_TCK is the "obsolete POSIX.1-
1988 name" for CLOCKS_PER_SEC. For further information, please have a look
to Debian bug ID #420944.

--- dsniff-2.4b1/sshow.c		2007-06-22 15:48:00.000000000 -0300
+++ dsniff-2.4b1/sshow.c.obsolete_time	2007-08-10 19:03:30.000000000 -0300
@@ -222,7 +222,7 @@
 	if (debug)
 		printf("- %s -> %s: DATA (%s bytes, %.2f seconds)\n",
 			s_saddr(ts), s_daddr(ts), s_range(plain_range),
-			(float)delay / CLK_TCK);
+			(float)delay / CLOCKS_PER_SEC);
 	if (debug > 1)
 		print_data(&ts->server, cipher_size);
 
@@ -270,7 +270,7 @@
 	if (debug)
 		printf("- %s <- %s: DATA (%s bytes, %.2f seconds)\n",
 		       s_saddr(ts), s_daddr(ts), s_range(plain_range),
-		       (float)delay / CLK_TCK);
+		       (float)delay / CLOCKS_PER_SEC);
 	if (debug > 1)
 		print_data(&ts->client, cipher_size);
 	
@@ -299,7 +299,7 @@
 	
 	if (session->state == 1 &&
 #ifdef USE_TIMING
-	    now - get_history(session, 2)->timestamp >= CLK_TCK &&
+	    now - get_history(session, 2)->timestamp >= CLOCKS_PER_SEC &&
 #endif
 	    session->protocol == 1 &&
 	    (session->history.directions & 7) == 5 &&

dsniff-2.4-openssl_098.patch:

--- NEW FILE dsniff-2.4-openssl_098.patch ---
Patch by <kees at ubuntu.com> for dsniff >= 2.4b1, which includes a missing
header file to make it building.

--- dsniff-2.4b1/ssh.c			2006-10-12 13:21:57.000000000 -0700
+++ dsniff-2.4b1/ssh.c.openssl_098	2006-10-12 13:22:46.441893077 -0700
@@ -16,6 +16,7 @@
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 #include <openssl/rand.h>
+#include <openssl/md5.h>
 
 #include <err.h>
 #include <errno.h>

dsniff-2.4-pcap_read_dump.patch:

--- NEW FILE dsniff-2.4-pcap_read_dump.patch ---
Patch by Joseph Battaglia <sephail at sephail.net> and Joshua Krage
<jkrage at guisarme.us> for dsniff >= 2.4b1, which allows the reading of
saved PCAP capture files. For further information, please have a look
to Debian bug ID #153462 and #298604.

--- dsniff-2.4b1/dsniff.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/dsniff.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -10,7 +10,7 @@
 .nf
 .fi
 \fBdsniff\fR [\fB-c\fR] [\fB-d\fR] [\fB-m\fR] [\fB-n\fR] [\fB-i
-\fIinterface\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
+\fIinterface\fR | \fB-p \fIpcapfile\fR] [\fB-s \fIsnaplen\fR] [\fB-f \fIservices\fR]
 [\fB-t \fItrigger[,...]\fR]]
 [\fB-r\fR|\fB-w\fR \fIsavefile\fR] [\fIexpression\fR]
 .SH DESCRIPTION
@@ -45,6 +45,9 @@
 Do not resolve IP addresses to hostnames.
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Rather than processing the contents of packets observed upon the network 
+process the given PCAP capture file.
 .IP "\fB-s \fIsnaplen\fR"
 Analyze at most the first \fIsnaplen\fR bytes of each TCP connection,
 rather than the default of 1024.
--- dsniff-2.4b1/dsniff.c		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/dsniff.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -46,8 +46,9 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: dsniff [-cdmn] [-i interface] [-s snaplen] [-f services]\n"
-		"              [-t trigger[,...]] [-r|-w savefile] [expression]\n");
+		"Usage: dsniff [-cdmn] [-i interface | -p pcapfile] [-s snaplen]\n"
+		"              [-f services] [-t trigger[,...]] [-r|-w savefile]\n"
+		"              [expression]\n");
 	exit(1);
 }
 
@@ -79,7 +80,7 @@
 
 	services = savefile = triggers = NULL;
 	
-	while ((c = getopt(argc, argv, "cdf:i:mnr:s:t:w:h?V")) != -1) {
+	while ((c = getopt(argc, argv, "cdf:i:mnp:r:s:t:w:h?V")) != -1) {
 		switch (c) {
 		case 'c':
 			Opt_client = 1;
@@ -99,6 +100,9 @@
 		case 'n':
 			Opt_dns = 0;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'r':
 			Opt_read = 1;
 			savefile = optarg;
@@ -168,10 +172,23 @@
 	else nids_register_tcp(trigger_tcp);
 	
 	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
+		if (nids_params.filename == NULL) {
+			warnx("listening on %s [%s]", nids_params.device,
+		        nids_params.pcap_filter);
+		}
+		else {
+			warnx("using %s [%s]", nids_params.filename,
+		        nids_params.pcap_filter);
+		}
+	}
+	else {
+		if (nids_params.filename == NULL) {
+			warnx("listening on %s", nids_params.device);
+		}
+		else {
+			warnx("using %s", nids_params.filename);
+		}
 	}
-	else warnx("listening on %s", nids_params.device);
 	
 	nids_run();
 	
--- dsniff-2.4b1/filesnarf.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/filesnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBfilesnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBfilesnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -18,6 +18,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 files.
--- dsniff-2.4b1/filesnarf.c		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/filesnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -51,7 +51,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: filesnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: filesnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -464,11 +464,14 @@
 	extern int optind;
 	int c;
 
-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -498,11 +501,24 @@
 	nids_register_ip(decode_udp_nfs);
 	nids_register_tcp(decode_tcp_nfs);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s", nids_params.device);
+                }
+                else {
+                        warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 
--- dsniff-2.4b1/mailsnarf.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/mailsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBmailsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmailsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -19,6 +19,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 messages.
--- dsniff-2.4b1/mailsnarf.c		2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/mailsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -59,7 +59,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: mailsnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: mailsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -344,11 +344,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:vh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:vh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+                case 'p':
+                        nids_params.filename = optarg;
+                        break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -378,10 +381,23 @@
 	nids_register_tcp(sniff_pop_session);
 
 	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
+                if (nids_params.filename == NULL) {
+		        warnx("listening on %s [%s]", nids_params.device,
+		              nids_params.pcap_filter);
+                }
+                else {
+		        warnx("using %s [%s]", nids_params.filename,
+		              nids_params.pcap_filter);
+                }
 	}
-	else warnx("listening on %s", nids_params.device);
+	else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 	
 	nids_run();
 	
--- dsniff-2.4b1/msgsnarf.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/msgsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBmsgsnarf\fR [\fB-i \fIinterface\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBmsgsnarf\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -19,6 +19,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 messages.
--- dsniff-2.4b1/msgsnarf.c		2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/msgsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -45,7 +45,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: msgsnarf [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: msgsnarf [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -633,11 +633,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:hv?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:hv?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'v':
 			Opt_invert = 1;
 			break;
@@ -666,11 +669,24 @@
 	
 	nids_register_tcp(sniff_msgs);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- dsniff-2.4b1/sshow.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/sshow.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR] [\fIexpression\fR]
+\fBsshow\fR [\fB-d\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] [\fIexpression\fR]
 .SH DESCRIPTION
 .ad
 .fi
@@ -28,6 +28,8 @@
 Enable verbose debugging output.
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP "\fIexpression\fR"
 Specify a tcpdump(8) filter expression to select traffic to sniff.
 .SH "SEE ALSO"
--- dsniff-2.4b1/sshow.c		2005-07-11 20:41:18.000000000 +0000
+++ dsniff-2.4b1/sshow.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -82,7 +82,7 @@
 static void
 usage(void)
 {
-	fprintf(stderr, "Usage: sshow [-d] [-i interface]\n");
+	fprintf(stderr, "Usage: sshow [-d] [-i interface | -p pcapfile]\n");
 	exit(1);
 }
 
@@ -616,7 +616,7 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "di:h?")) != -1) {
+	while ((c = getopt(argc, argv, "di:p:h?")) != -1) {
 		switch (c) {
 		case 'd':
 			debug++;
@@ -624,6 +624,9 @@
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		default:
 			usage();
 			break;
@@ -652,11 +655,24 @@
 	
 	nids_register_tcp(process_event);
 
-	if (nids_params.pcap_filter != NULL) {
-		warnx("listening on %s [%s]", nids_params.device,
-		      nids_params.pcap_filter);
-	}
-	else warnx("listening on %s", nids_params.device);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- dsniff-2.4b1/urlsnarf.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/urlsnarf.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
+\fBurlsnarf\fR [\fB-n\fR] [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR]  [[\fB-v\fR] \fIpattern [\fIexpression\fR]]
 .SH DESCRIPTION
 .ad
 .fi
@@ -21,6 +21,9 @@
 .IP \fB-n\fR
 Do not resolve IP addresses to hostnames.
 .IP "\fB-i \fIinterface\fR"
+Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fB-v\fR
 "Versus" mode. Invert the sense of matching, to select non-matching
 URLs.
--- dsniff-2.4b1/urlsnarf.c		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/urlsnarf.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -41,7 +41,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: urlsnarf [-n] [-i interface] [[-v] pattern [expression]]\n");
+		"Usage: urlsnarf [-n] [-i interface | -p pcapfile] [[-v] pattern [expression]]\n");
 	exit(1);
 }
 
@@ -201,11 +201,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:nvh?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:nvh?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		case 'n':
 			Opt_dns = 0;
 			break;
@@ -238,8 +241,24 @@
 	
 	nids_register_tcp(sniff_http_client);
 
-	warnx("listening on %s [%s]", nids_params.device,
-	      nids_params.pcap_filter);
+        if (nids_params.pcap_filter != NULL) {
+                if (nids_params.filename == NULL) {
+                        warnx("listening on %s [%s]", nids_params.device,
+                              nids_params.pcap_filter);
+                }
+                else {
+                        warnx("using %s [%s]", nids_params.filename,
+                              nids_params.pcap_filter);
+                }
+        }
+        else {
+                if (nids_params.filename == NULL) {
+                    warnx("listening on %s", nids_params.device);
+                }
+                else {
+                    warnx("using %s", nids_params.filename);
+                }
+        }
 
 	nids_run();
 	
--- dsniff-2.4b1/webspy.8		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/webspy.8.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -9,7 +9,7 @@
 .na
 .nf
 .fi
-\fBwebspy\fR [\fB-i \fIinterface\fR] \fIhost\fR
+\fBwebspy\fR [\fB-i \fIinterface\fR | \fB-p \fIpcapfile\fR] \fIhost\fR
 .SH DESCRIPTION
 .ad
 .fi
@@ -20,6 +20,8 @@
 .SH OPTIONS
 .IP "\fB-i \fIinterface\fR"
 Specify the interface to listen on.
+.IP "\fB-p \fIpcapfile\fR"
+Process packets from the specified PCAP capture file instead of the network.
 .IP \fIhost\fR
 Specify the web client to spy on.
 .SH "SEE ALSO"
--- dsniff-2.4b1/webspy.c		2005-07-11 20:41:14.000000000 +0000
+++ dsniff-2.4b1/webspy.c.pcap_dump	2005-07-11 20:41:18.000000000 +0000
@@ -42,7 +42,7 @@
 usage(void)
 {
 	fprintf(stderr, "Version: " VERSION "\n"
-		"Usage: %s [-i interface] host\n", progname);
+		"Usage: %s [-i interface | -p pcapfile] host\n", progname);
 	exit(1);
 }
 
@@ -184,11 +184,14 @@
 	extern int optind;
 	int c;
 	
-	while ((c = getopt(argc, argv, "i:h?V")) != -1) {
+	while ((c = getopt(argc, argv, "i:p:h?V")) != -1) {
 		switch (c) {
 		case 'i':
 			nids_params.device = optarg;
 			break;
+		case 'p':
+			nids_params.filename = optarg;
+			break;
 		default:
 			usage();
 		}
@@ -216,7 +219,13 @@
 	
 	nids_register_tcp(sniff_http_client);
 
-	warnx("listening on %s", nids_params.device);
+        if (nids_params.filename == NULL) {
+                warnx("listening on %s", nids_params.device);
+        }
+        else {
+                warnx("using %s", nids_params.filename);
+        }
+
 
 	nids_run();
 	

dsniff-2.4-pop_with_version.patch:

--- NEW FILE dsniff-2.4-pop_with_version.patch ---
Patch by Luciano Bello <luciano at linux.org.ar> for dsniff >= 2.4b1, which
allows to distinguish between different POP versions.

--- dsniff-2.4b1/decode.c		2007-08-11 18:43:41.000000000 -0300
+++ dsniff-2.4b1/decode.c.pop_version	2007-08-11 19:01:08.000000000 -0300
@@ -63,7 +63,8 @@
 	{ "http",	decode_http },
 	{ "ospf",	decode_ospf },
 	{ "poppass",	decode_poppass },
-	{ "pop",	decode_pop },
+	{ "pop2",	decode_pop },
+	{ "pop3",	decode_pop },
 	{ "nntp",	decode_nntp },
 	{ "smb",	decode_smb },
 	{ "imap",	decode_imap },
--- dsniff-2.4b1/dsniff.services	2007-08-11 18:43:41.000000000 -0300
+++ dsniff-2.4b1/dsniff.services.pop	2007-08-11 19:00:21.000000000 -0300
@@ -10,8 +10,8 @@
 ospf		89/ip
 http		98/tcp
 poppass		106/tcp
-pop		109/tcp
-pop		110/tcp
+pop2		109/tcp
+pop3		110/tcp
 portmap		111/tcp
 portmap		-111/tcp
 portmap		111/udp

dsniff-2.4-sshcrypto.patch:

--- NEW FILE dsniff-2.4-sshcrypto.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which adds the
missing OpenSSL includes for header files.

--- dsniff-2.4b1/sshcrypto.c		2006-11-02 23:41:11.000000000 -0300
+++ dsniff-2.4b1/sshcrypto.c.sshcrypto	2006-11-02 23:41:55.000000000 -0300
@@ -14,6 +14,8 @@
 
 #include <sys/types.h>
 #include <openssl/ssl.h>
+#include <openssl/blowfish.h>
+#include <openssl/des.h>
 
 #include <err.h>
 #include <stdio.h>

dsniff-2.4-string_header.patch:

--- NEW FILE dsniff-2.4-string_header.patch ---
Patch by Luciano Bello <luciano at linux.org.ar> for dsniff >= 2.4b1, which
adds missing includes of the string header file.

--- dsniff-2.4b1/arp.c			2007-06-17 16:22:49.000000000 -0300
+++ dsniff-2.4b1/arp.c.string_header	2007-06-17 16:22:49.000000000 -0300
@@ -34,6 +34,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <string.h>
 
 #include "arp.h"
 
--- dsniff-2.4b1/buf.c			2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/buf.c.string_header	2007-06-17 16:22:49.000000000 -0300
@@ -17,6 +17,7 @@
 #include <unistd.h>
 #include <ctype.h>
 #include <err.h>
+#include <string.h>
 
 #include "buf.h"
 
--- dsniff-2.4b1/decode_nntp.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_nntp.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -15,6 +15,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "base64.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_pop.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_pop.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "base64.h"
 #include "options.h"
--- dsniff-2.4b1/decode_rlogin.c	2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_rlogin.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,8 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcpy.h>
+#include <strlcat.h>
 
 #include "options.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_smb.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_smb.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -15,6 +15,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "decode.h"
 
--- dsniff-2.4b1/decode_smtp.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_smtp.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "base64.h"
 #include "options.h"
--- dsniff-2.4b1/decode_sniffer.c	2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_sniffer.c.str	2007-06-17 16:22:49.000000000 -0300
@@ -15,6 +15,8 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
+#include <strlcpy.h>
 
 #include "base64.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_socks.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_socks.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "decode.h"
 
--- dsniff-2.4b1/decode_tds.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_tds.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -18,6 +18,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
 
 #include "decode.h"
 
--- dsniff-2.4b1/decode_telnet.c	2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_telnet.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,7 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcpy.h>
 
 #include "options.h"
 #include "decode.h"
--- dsniff-2.4b1/decode_x11.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/decode_x11.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -14,6 +14,8 @@
 
 #include <stdio.h>
 #include <string.h>
+#include <strlcat.h>
+#include <strlcpy.h>
 
 #include "decode.h"
 
--- dsniff-2.4b1/dnsspoof.c		2007-06-17 16:22:49.000000000 -0300
+++ dsniff-2.4b1/dnsspoof.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <string.h>
+#include <strlcpy.h>
 #include <resolv.h>
 #include <err.h>
 #include <libnet.h>
--- dsniff-2.4b1/magic.c		2007-06-17 16:22:39.000000000 -0300
+++ dsniff-2.4b1/magic.c.string_header	2007-06-17 16:22:49.000000000 -0300
@@ -36,6 +36,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <strlcpy.h>
 #include <ctype.h>
 #include <time.h>
 #include <err.h>
--- dsniff-2.4b1/sshmitm.c		2007-06-17 16:22:49.000000000 -0300
+++ dsniff-2.4b1/sshmitm.c.string	2007-06-17 16:22:49.000000000 -0300
@@ -24,6 +24,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <unistd.h>
+#include <strlcat.h>
 
 #include "buf.h"
 #include "record.h"
--- dsniff-2.4b1/missing/strlcat.h	1969-12-31 21:00:00.000000000 -0300
+++ dsniff-2.4b1/missing/strlcat.h.str	2007-06-17 16:22:49.000000000 -0300
@@ -0,0 +1 @@
+size_t strlcat(char *dst, const char *src, size_t siz);
--- dsniff-2.4b1/missing/strlcpy.h	1969-12-31 21:00:00.000000000 -0300
+++ dsniff-2.4b1/missing/strlcpy.h.str	2007-06-17 16:22:49.000000000 -0300
@@ -0,0 +1 @@
+size_t strlcpy(char *dst, const char *src, size_t siz);

dsniff-2.4-sysconf_clocks.patch:

--- NEW FILE dsniff-2.4-sysconf_clocks.patch ---
Patch by <kees at ubuntu.com> for dsniff >= 2.4b1, which adds a clock fix.

--- dsniff-2.4b1/sshow.c		2001-03-18 22:52:15.000000000 -0800
+++ dsniff-2.4b1/sshow.c.sysconf_clocks	2006-10-12 13:24:29.299111443 -0700
@@ -216,6 +216,7 @@
 {
 	clock_t delay;
 	int payload;
+    long CLK_TCK= sysconf(_SC_CLK_TCK);
 
 	delay = add_history(session, 0, cipher_size, plain_range);
 
@@ -264,6 +265,7 @@
 	clock_t delay;
 	int skip;
 	range string_range;
+    long CLK_TCK= sysconf(_SC_CLK_TCK);
 	
 	delay = add_history(session, 1, cipher_size, plain_range);
 	

dsniff-2.4-time_h.patch:

--- NEW FILE dsniff-2.4-time_h.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which adds an
include of <time.h> to fix a segfault on some architectures. For further
information, please have a look to Debian bug ID #315969.

--- dsniff-2.4b1/msgsnarf.c		2001-03-15 08:33:04.000000000 +0000
+++ dsniff-2.4b1/msgsnarf.c.time_h	2005-07-11 20:15:50.000000000 +0000
@@ -23,6 +23,7 @@
 #include <nids.h>
 #include <pcap.h>
 #include <pcaputil.h>
+#include <time.h>
 
 #include "buf.h"
 #include "decode.h"
--- dsniff-2.4b1/sshow.c		2005-07-11 20:14:19.000000000 +0000
+++ dsniff-2.4b1/sshow.c.time_h		2005-07-11 20:15:26.000000000 +0000
@@ -15,6 +15,7 @@
 
 #include <sys/types.h>
 #include <sys/times.h>
+#include <time.h>
 
 #include <netinet/in_systm.h>
 #include <netinet/in.h>

dsniff-2.4-urlsnarf_escape.patch:

--- NEW FILE dsniff-2.4-urlsnarf_escape.patch ---
Patch by Hilko Bengen <bengen at debian.org> for dsniff >= 2.4b1, which adds
escaping for user, vhost, uri, referrer and agent strings in the log. For
further information, please have a look to Debian bug ID #372536.

--- dsniff-2.4b1/urlsnarf.c		2006-11-27 17:09:54.000000000 +0100
+++ dsniff-2.4b1/urlsnarf.c.escape	2006-11-27 17:08:41.000000000 +0100
@@ -84,6 +84,43 @@
 	return (tstr);
 }
 
+static char *
+escape_log_entry(char *string)
+{
+	char *out;
+	unsigned char *c, *o;
+	size_t len;
+
+	if (!string)
+		return NULL;
+
+	/* Determine needed length */
+	for (c = string, len = 0; *c; c++) {
+		if ((*c < 32) || (*c >= 128))
+			len += 4;
+		else if ((*c == '"') || (*c =='\\'))
+			len += 2;
+		else
+			len++;
+	}
+	out = malloc(len+1);
+	if (!out)
+		return NULL;
+	for (c = string, o = out; *c; c++, o++) {
+		if ((*c < 32) || (*c >= 128)) {
+			snprintf(o, 5, "\\x%02x", *c);
+			o += 3;
+		} else if ((*c == '"') || ((*c =='\\'))) {
+			*(o++) = '\\';
+			*o = *c;
+		} else {
+			*o = *c;
+		}
+	}
+	out[len]='\0';
+	return out;
+}
+
 static int
 process_http_request(struct tuple4 *addr, u_char *data, int len)
 {
@@ -142,18 +179,26 @@
 				buf_tok(NULL, NULL, i);
 			}
 		}
-		if (user == NULL)
-			user = "-";
-		if (vhost == NULL)
-			vhost = libnet_addr2name4(addr->daddr, Opt_dns);
-		if (referer == NULL)
-			referer = "-";
-		if (agent == NULL)
-			agent = "-";
-		
+		user = escape_log_entry(user);
+		vhost = escape_log_entry(vhost);
+		uri = escape_log_entry(uri);
+		referer = escape_log_entry(referer);
+		agent = escape_log_entry(agent);
+
 		printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
 		       libnet_addr2name4(addr->saddr, Opt_dns),
-		       user, timestamp(), req, vhost, uri, referer, agent);
+		       (user?user:"-"),
+		       timestamp(), req, 
+		       (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)), 
+		       uri,
+		       (referer?referer:"-"),
+		       (agent?agent:"-"));
+
+		free(user);
+		free(vhost);
+		free(uri);
+		free(referer);
+		free(agent);
 	}
 	fflush(stdout);

dsniff-2.4-urlsnarf_zeropad.patch:

--- NEW FILE dsniff-2.4-urlsnarf_zeropad.patch ---
Patch by Steve Kemp <skx at debian.org> for dsniff >= 2.4b1, which fixes the
zero-pad date. For further information, please have a look to Debian bug ID
#298605.

--- dsniff-2.4b1/urlsnarf.c		2005-06-23 03:30:37.000000000 +0000
+++ dsniff-2.4b1/urlsnarf.c.zeropad	2005-06-23 04:04:07.000000000 +0000
@@ -68,7 +68,7 @@
 		 t->tm_hour - gmt.tm_hour);
 	tz = hours * 60 + t->tm_min - gmt.tm_min;
 	
-	len = strftime(tstr, sizeof(tstr), "%e/%b/%Y:%X", t);
+	len = strftime(tstr, sizeof(tstr), "%d/%b/%Y:%X", t);
 	if (len < 0 || len > sizeof(tstr) - 5)
 		return (NULL);
 	


--- NEW FILE dsniff.spec ---
Summary:	Tools for network auditing and penetration testing
Name:		dsniff
Version:	2.4
Release:	0.1.b1%{?dist}
License:	BSD
Group:		Applications/Internet
URL:		http://www.monkey.org/~dugsong/%{name}/
Source:		http://www.monkey.org/~dugsong/%{name}/beta/%{name}-%{version}b1.tar.gz
Patch0:		dsniff-2.4-time_h.patch
Patch1:		dsniff-2.4-mailsnarf_corrupt.patch
Patch2:		dsniff-2.4-pcap_read_dump.patch
Patch3:		dsniff-2.4-multiple_intf.patch
Patch4:		dsniff-2.4-amd64_fix.patch
Patch5:		dsniff-2.4-urlsnarf_zeropad.patch
Patch6:		dsniff-2.4-libnet_11.patch
Patch7:		dsniff-2.4-checksum.patch
Patch8:		dsniff-2.4-openssl_098.patch
Patch9:		dsniff-2.4-sshcrypto.patch
Patch10:	dsniff-2.4-sysconf_clocks.patch
Patch11:	dsniff-2.4-urlsnarf_escape.patch
Patch12:	dsniff-2.4-string_header.patch
Patch13:	dsniff-2.4-arpa_inet_header.patch
Patch14:	dsniff-2.4-pop_with_version.patch
Patch15:	dsniff-2.4-obsolete_time.patch
Patch16:	dsniff-2.4-checksum_libnids.patch
Patch17:	dsniff-2.4-fedora_dirs.patch
Patch18:	dsniff-2.4-glib2.patch
BuildRequires:	libnet-devel, openssl-devel, libnids-devel
BuildRequires:	glib2-devel, db4-devel, libcap-devel
BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

%description
A collection of tools for network auditing and penetration testing. Dsniff,
filesnarf, mailsnarf, msgsnarf, urlsnarf and webspy allow to passively monitor
a network for interesting data (passwords, e-mail, files). Arpspoof, dnsspoof
and macof facilitate the interception of network traffic normally unavailable
to an attacker (e.g, due to layer-2 switching). Sshmitm and webmitm implement
active monkey-in-the-middle attacks against redirected SSH and HTTPS sessions
by exploiting weak bindings in ad-hoc PKI.

%prep
%setup -q
%patch0 -p1 -b .time_h
%patch1 -p1 -b .mailsnarf
%patch2 -p1 -b .pcap_dump
%patch3 -p1 -b .multiple_intf
%patch4 -p1 -b .amd64_fix
%patch5 -p1 -b .urlsnarf_zeropad
%patch6 -p1 -b .libnet_11
%patch7 -p1 -b .checksum
%patch8 -p1 -b .openssl_098
%patch9 -p1 -b .sshcrypto
%patch10 -p1 -b .sysconf_clocks
%patch11 -p1 -b .urlsnarf_escape
%patch12 -p1 -b .string_header
%patch13 -p1 -b .arpa_inet_header
%patch14 -p1 -b .pop_with_version
%patch15 -p1 -b .obsolete_time
%patch16 -p1 -b .checksum_libnids
%patch17 -p1 -b .fedora_dirs
%patch18 -p1 -b .glib2

%build
%configure
make %{?_smp_mflags}

%install
rm -rf $RPM_BUILD_ROOT
make install_prefix=$RPM_BUILD_ROOT install

%clean
rm -rf $RPM_BUILD_ROOT

%files
%defattr(-,root,root)
%doc CHANGES LICENSE README TODO
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*
%{_sbindir}/*
%{_mandir}/man8/*.8*

%changelog
* Thu Nov 29 2007 Robert Scheck <robert at fedoraproject.org> 2.4-0.1.b1
- Upgrade to 2.4b1 and added many patches from Debian
- Initial spec file for Fedora and Red Hat Enterprise Linux


Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/dsniff/F-7/.cvsignore,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- .cvsignore	28 Nov 2007 23:31:47 -0000	1.1
+++ .cvsignore	3 Dec 2007 22:18:47 -0000	1.2
@@ -0,0 +1 @@
+dsniff-2.4b1.tar.gz


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/dsniff/F-7/sources,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- sources	28 Nov 2007 23:31:47 -0000	1.1
+++ sources	3 Dec 2007 22:18:47 -0000	1.2
@@ -0,0 +1 @@
+2f761fa3475682a7512b0b43568ee7d6  dsniff-2.4b1.tar.gz




More information about the fedora-extras-commits mailing list