From 58ba22972fc5e12a7c6e11b6fb47c2fb9eb6ccef Mon Sep 17 00:00:00 2001
From: sthen
Date: Tue, 26 May 2026 09:26:35 +0000
Subject: [PATCH] readd net/fastnetmon, requested and tested by Tom Smyth
---
 devel/quirks/Makefile | 2 +-
 devel/quirks/files/Quirks.pm | 4 +-
 net/Makefile | 1 +
 net/fastnetmon/Makefile | 89 +++++++++++++++++++
 net/fastnetmon/distinfo | 2 +
 .../patches/patch-src_CMakeLists_txt | 38 ++++++++
 .../patches/patch-src_fast_endianless_hpp | 12 +++
 .../patches/patch-src_fast_library_cpp | 34 +++++++
 .../patches/patch-src_notify_about_attack_sh | 12 +++
 net/fastnetmon/pkg/DESCR | 8 ++
 net/fastnetmon/pkg/PLIST | 29 ++++++
 net/fastnetmon/pkg/README | 27 ++++++
 net/fastnetmon/pkg/fastnetmon.rc | 12 +++
 13 files changed, 267 insertions(+), 3 deletions(-)
 create mode 100644 net/fastnetmon/Makefile
 create mode 100644 net/fastnetmon/distinfo
 create mode 100644 net/fastnetmon/patches/patch-src_CMakeLists_txt
 create mode 100644 net/fastnetmon/patches/patch-src_fast_endianless_hpp
 create mode 100644 net/fastnetmon/patches/patch-src_fast_library_cpp
 create mode 100644 net/fastnetmon/patches/patch-src_notify_about_attack_sh
 create mode 100644 net/fastnetmon/pkg/DESCR
 create mode 100644 net/fastnetmon/pkg/PLIST
 create mode 100644 net/fastnetmon/pkg/README
 create mode 100644 net/fastnetmon/pkg/fastnetmon.rc
diff --git a/devel/quirks/Makefile b/devel/quirks/Makefile
index 94303cd8ded..cc44f50d122 100644
--- a/devel/quirks/Makefile
+++ b/devel/quirks/Makefile
@@ -3,7 +3,7 @@ CATEGORIES = devel databases DISTFILES = # API.rev
-PKGNAME = quirks-7.199
+PKGNAME = quirks-7.200
 PKG_ARCH = * MAINTAINER = Marc Espie
diff --git a/devel/quirks/files/Quirks.pm b/devel/quirks/files/Quirks.pm
index db16f41a1d7..e8859ca03e2 100644
--- a/devel/quirks/files/Quirks.pm
+++ b/devel/quirks/files/Quirks.pm
@@ -1,7 +1,7 @@ #! /usr/bin/perl # ex:ts=8 sw=4:
-# $OpenBSD: Quirks.pm,v 1.1805 2026/05/24 08:23:35 matthieu Exp $
+# $OpenBSD: Quirks.pm,v 1.1806 2026/05/26 09:26:35 sthen Exp $
 # # Copyright (c) 2009 Marc Espie #
@@ -1001,7 +1001,6 @@ setup_obsolete_reason(
 5 => 'pycha',
 10 => 'gotosocial',
 5 => 'xsd',
- 4 => 'fastnetmon',
 3 => 'kross-interpreters-kf5',
 3 => 'py3-notmuch',
 3 => 'pop3d',
@@ -1130,6 +1129,7 @@ my $obsolete_message = {
 15 => "use rspamd's internal milter support instead",
 16 => "dependencies for recent versions can't be met",
 17 => "outdated port, security problems in the last ported version",
+ 18 => "renamed upstream",
 46 => "setuid-root software with a track record of security issues",
 47 => "DNS network daemon running as root and not using random source ports. use DNS64 support in unbound or isc-bind",
 48 => "1.x does not support current PHP, 2.x is tricky to package, see https://github.com/leenooks/phpLDAPadmin/wiki/Installation-Instructions#install-from-the-source-code",
diff --git a/net/Makefile b/net/Makefile
index 60723ff1d53..c1c34fbcd7e 100644
--- a/net/Makefile
+++ b/net/Makefile
@@ -104,6 +104,7 @@
 SUBDIR += ettercap,no_x11
 SUBDIR += exabgp
 SUBDIR += ezstream
+ SUBDIR += fastnetmon
 SUBDIR += filezilla
 SUBDIR += flare-messenger
 SUBDIR += flickcurl
diff --git a/net/fastnetmon/Makefile b/net/fastnetmon/Makefile
new file mode 100644
index 00000000000..869db50f45a
--- /dev/null
+++ b/net/fastnetmon/Makefile
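Review bot: The new reason `18 => "renamed upstream"` in `$obsolete_message` is not referenced by anything visible in this patch; the only `setup_obsolete_reason` change shown is the removal of `4 => 'fastnetmon'`. Both hashes start and end outside the hunks, so an entry using reason 18 may exist elsewhere in the file. If none does, this is an unrelated addition riding along with the re-add and would be easier to audit in the commit that first uses it.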
@@ -0,0 +1,89 @@
+COMMENT= DDoS detector with multiple packet capture engines
+
+GH_ACCOUNT= pavel-odintsov
+GH_PROJECT= fastnetmon
+GH_COMMIT= 78ae82822ad6188ccacbe6cfe5e8274c5b3a3689
+#GH_TAGNAME= v1.2.8
+DISTNAME= fastnetmon-1.2.9pre20260425
+WRKSRC= ${WRKDIST}/src
+
+HOMEPAGE= https://fastnetmon.com/guides/
+
+CATEGORIES= net security
+
+# GPLv2
+PERMIT_PACKAGE= Yes
+
+MODULES= devel/cmake
+
+WANTLIB += ${COMPILER_LIBCXX} absl_base absl_borrowed_fixup_buffer
+WANTLIB += absl_city absl_civil_time absl_cord absl_cord_internal
+WANTLIB += absl_cordz_functions absl_cordz_handle absl_cordz_info
+WANTLIB += absl_crc32c absl_crc_cord_state absl_crc_cpu_detect
+WANTLIB += absl_crc_internal absl_debugging_internal absl_decode_rust_punycode
+WANTLIB += absl_demangle_internal absl_demangle_rust absl_die_if_null
+WANTLIB += absl_examine_stack absl_exponential_biased absl_flags_commandlineflag
+WANTLIB += absl_flags_commandlineflag_internal absl_flags_config
+WANTLIB += absl_flags_internal absl_flags_marshalling absl_flags_private_handle_accessor
+WANTLIB += absl_flags_program_name absl_flags_reflection absl_graphcycles_internal
+WANTLIB += absl_hash absl_hashtablez_sampler absl_int128 absl_kernel_timeout_internal
+WANTLIB += absl_leak_check absl_log_entry absl_log_globals absl_log_initialize
+WANTLIB += absl_log_internal_check_op absl_log_internal_conditions
+WANTLIB += absl_log_internal_fnmatch absl_log_internal_format
+WANTLIB += absl_log_internal_globals absl_log_internal_log_sink_set
+WANTLIB += absl_log_internal_message absl_log_internal_nullguard
+WANTLIB += absl_log_internal_proto absl_log_internal_structured_proto
+WANTLIB += absl_log_severity absl_log_sink absl_malloc_internal
+WANTLIB += absl_random_distributions absl_random_internal_entropy_pool
+WANTLIB += absl_random_internal_platform absl_random_internal_randen
+WANTLIB += absl_random_internal_randen_hwaes absl_random_internal_randen_hwaes_impl
+WANTLIB += absl_random_internal_randen_slow absl_random_internal_seed_material
+WANTLIB += absl_random_seed_gen_exception absl_random_seed_sequences
+WANTLIB += absl_raw_hash_set absl_raw_logging_internal absl_spinlock_wait
+WANTLIB += absl_stacktrace absl_status absl_statusor absl_str_format_internal
+WANTLIB += absl_strerror absl_strings absl_strings_internal absl_symbolize
+WANTLIB += absl_synchronization absl_throw_delegate absl_time
+WANTLIB += absl_time_zone absl_tracing_internal absl_utf8_for_code_point
+WANTLIB += absl_vlog_config_internal boost_atomic-mt boost_chrono-mt
+WANTLIB += boost_container-mt boost_date_time-mt boost_program_options-mt
+WANTLIB += boost_regex-mt boost_serialization-mt boost_thread-mt
+WANTLIB += c crypto curses form gpr grpc grpc++ hiredis log4cpp
+WANTLIB += m pcap protobuf ssl utf8_validity
+
+COMPILER= base-clang
+
+BUILD_DEPENDS= devel/capnproto # static
+LIB_DEPENDS= devel/abseil-cpp \
+ devel/boost \
+ devel/log4cpp \
+ devel/protobuf \
+ databases/libhiredis \
+ net/grpc
+
+# mongodb support requires mongo-c-driver, which needs fiddling for libbind
+CONFIGURE_ARGS= -DENABLE_DPI_SUPPORT=Off \
+ -DENABLE_MONGODB_SUPPORT=Off \
+ -DENABLE_NETMAP_SUPPORT=Off \
+ -DSET_ABSOLUTE_INSTALL_PATH=Off
+DEBUG_PACKAGES= ${BUILD_PACKAGES}
+CXXFLAGS += -DBOOST_STACKTRACE_GNU_SOURCE_NOT_REQUIRED
+
+pre-configure:
+ ${SUBST_CMD} ${WRKSRC}/CMakeLists.txt
+ sed -i -e 's,/var/log,&/fastnetmon,g;' \
+ -e 's,/var/run,&/fastnetmon,g;' \
+ -e 's,/etc,${SYSCONFDIR}/fastnetmon,g' \
+ -e 's,/usr/local,${PREFIX},g' \
+ ${WRKSRC}/fast_platform.h.template \
+ ${WRKSRC}/fastnetmon.conf ${WRKSRC}/scripts/*pl \
+ ${WRKSRC}/scripts/*py ${WRKSRC}/scripts/*sh
+
+post-install:
+ ${INSTALL_DATA_DIR} ${PREFIX}/share/examples/fastnetmon/
+ ${INSTALL_DATA} ${WRKSRC}/notify_about_attack.sh \
+ ${WRKSRC}/scripts/!(perllib) \
+ ${PREFIX}/share/examples/fastnetmon/
+ cd ${PREFIX}/share/examples/fastnetmon/; \
+ rm *build*.pl install*.pl reformat_code_with_clang_format.sh
+
+.include
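Review bot: The `pre-configure` sed rewrites every occurrence of `/var/log`, `/var/run`, `/etc` and `/usr/local` in fast_platform.h.template, fastnetmon.conf and the scripts, with no anchoring on what follows the prefix. A literal `/var/log/fastnetmon_attacks` in any of those files would become `/var/log/fastnetmon/fastnetmon_attacks`, while patch-src_CMakeLists_txt keeps `FASTNETMON_ATTACK_DETAILS_FOLDER` at `/var/log/fastnetmon_attacks` and PLIST creates `/var/log/fastnetmon_attacks/`. Whether the files contain such a path is not visible in this patch, so the substituted fastnetmon.conf is worth checking before the sample is installed. Expressions that name the full path, for example `-e 's,/var/log/fastnetmon\.log,/var/log/fastnetmon/fastnetmon.log,g'`, would limit the rewrite to the files the port actually relocates and keep the `/etc` rule from touching unrelated system paths in the example scripts.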
diff --git a/net/fastnetmon/distinfo b/net/fastnetmon/distinfo
new file mode 100644
index 00000000000..24dd260a3d7
--- /dev/null
+++ b/net/fastnetmon/distinfo
@@ -0,0 +1,2 @@
+SHA256 (fastnetmon-1.2.9pre20260425-78ae8282.tar.gz) = 6wfxb+xA2kd/Z6OjfChlc2nata4vRDNR7D1BfPl67EM=
+SIZE (fastnetmon-1.2.9pre20260425-78ae8282.tar.gz) = 1495368
diff --git a/net/fastnetmon/patches/patch-src_CMakeLists_txt b/net/fastnetmon/patches/patch-src_CMakeLists_txt
new file mode 100644
index 00000000000..a04ab9c9189
--- /dev/null
+++ b/net/fastnetmon/patches/patch-src_CMakeLists_txt
@@ -0,0 +1,38 @@
+Index: src/CMakeLists.txt
+--- src/CMakeLists.txt.orig
++++ src/CMakeLists.txt
+@@ -185,15 +185,15 @@ message(STATUS "Commit hash: ${GIT_LAST_COMMIT_HASH_SH
+ set(FASTNETMON_APPLICATION_VERSION "${FASTNETMON_VERSION_MAJOR}.${FASTNETMON_VERSION_MINOR}.${FASTNETMON_VERSION_PATCH} ${GIT_LAST_COMMIT_HASH_SHORT}")
+
+ # Set standard values which work for majority of platforms
+-set(FASTNETMON_PID_PATH "/var/run/fastnetmon.pid")
+-set(FASTNETMON_CONFIGURATION_PATH "/etc/fastnetmon.conf")
+-set(FASTNETMON_LOG_FILE_PATH "/var/log/fastnetmon.log")
++set(FASTNETMON_PID_PATH "/var/run/fastnetmon/fastnetmon.pid")
++set(FASTNETMON_CONFIGURATION_PATH "${SYSCONFDIR}/fastnetmon/fastnetmon.conf")
++set(FASTNETMON_LOG_FILE_PATH "/var/log/fastnetmon/fastnetmon.log")
+ set(FASTNETMON_ATTACK_DETAILS_FOLDER "/var/log/fastnetmon_attacks")
+-set(FASTNETMON_NOTIFY_SCRIPT_PATH_DEFAULT "/usr/local/bin/notify_about_attack.sh")
+-set(FASTNETMON_NETWORK_WHITELIST_PATH "/etc/networks_whitelist")
+-set(FASTNETMON_NETWORKS_LIST_PATH "/etc/networks_list")
+-set(FASTNETMON_BACKTRACE_PATH "/var/log/fastnetmon_backtrace.dump")
+-set(FASTNETMON_WHITELIST_RULES_PATH "/etc/whitelist_rules")
++set(FASTNETMON_NOTIFY_SCRIPT_PATH_DEFAULT "${SYSCONFDIR}/fastnetmon/notify_about_attack.sh")
++set(FASTNETMON_NETWORK_WHITELIST_PATH "${SYSCONFDIR}/fastnetmon/networks_whitelist")
++set(FASTNETMON_NETWORKS_LIST_PATH "${SYSCONFDIR}/fastnetmon/networks_list")
++set(FASTNETMON_BACKTRACE_PATH "/var/log/fastnetmon/fastnetmon_backtrace.dump")
++set(FASTNETMON_WHITELIST_RULES_PATH "${SYSCONFDIR}/fastnetmon/whitelist_rules")
+
+ # For FreeBSD based platforms we need to adjust them
+ if (${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD" OR ${CMAKE_SYSTEM_NAME} STREQUAL "DragonFly")
+@@ -1167,6 +1167,10 @@ elseif (${CMAKE_SYSTEM_NAME} STREQUAL "Linux")
+ endif()
+ elseif (${CMAKE_SYSTEM_NAME} STREQUAL "Darwin")
+ message(STATUS "We run on Apple platform")
++elseif(${CMAKE_SYSTEM_NAME} STREQUAL "OpenBSD")
++ set(CMAKE_INSTALL_BINDIR "${PREFIX}/bin")
++ set(CMAKE_INSTALL_SBINDIR "${PREFIX}/sbin")
++ set(CMAKE_INSTALL_SYSCONFDIR "${PREFIX}/share/examples/fastnetmon")
+ else()
+ message(STATUS "We run on platform ${CMAKE_SYSTEM_NAME} and we do not touch install paths")
+ # Do not touch these variables and use default values
diff --git a/net/fastnetmon/patches/patch-src_fast_endianless_hpp b/net/fastnetmon/patches/patch-src_fast_endianless_hpp
new file mode 100644
index 00000000000..4b2ee275d67
--- /dev/null
+++ b/net/fastnetmon/patches/patch-src_fast_endianless_hpp
@@ -0,0 +1,12 @@
+Index: src/fast_endianless.hpp
+--- src/fast_endianless.hpp.orig
++++ src/fast_endianless.hpp
+@@ -5,6 +5,8 @@
+ #ifdef _WIN32
+ #include
+ #else
++// For int32_t
++#include
+ #include
+ #endif
+
diff --git a/net/fastnetmon/patches/patch-src_fast_library_cpp b/net/fastnetmon/patches/patch-src_fast_library_cpp
new file mode 100644
index 00000000000..8dc8274c2ab
--- /dev/null
+++ b/net/fastnetmon/patches/patch-src_fast_library_cpp
@@ -0,0 +1,34 @@
+from https://github.com/freebsd/freebsd-ports/blob/f009564d752e90a9070d32d97b901964044134c4/net-mgmt/fastnetmon/files/patch-fast__library.cpp
+
+Index: src/fast_library.cpp
+--- src/fast_library.cpp.orig
++++ src/fast_library.cpp
+@@ -36,6 +36,11 @@
+
+ #include "iana_ip_protocols.hpp"
+
++// For pthread_set_name_np
++#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__)
++#include
++#endif
++
+ boost::regex regular_expression_cidr_pattern("^\\d+\\.\\d+\\.\\d+\\.\\d+\\/\\d+$");
+ boost::regex regular_expression_host_pattern("^\\d+\\.\\d+\\.\\d+\\.\\d+$");
+
+@@ -1202,12 +1207,16 @@ bool set_boost_process_name(boost::thread* thread, con
+ char new_process_name[16];
+ strcpy(new_process_name, process_name.c_str());
+
++#if defined(__FreeBSD__) || defined(__DragonFly__) || defined(__OpenBSD__)
++ pthread_set_name_np(thread->native_handle(), new_process_name);
++#else
+ int result = pthread_setname_np(thread->native_handle(), new_process_name);
+
+ if (result != 0) {
+ logger << log4cpp::Priority::ERROR << "pthread_setname_np failed with code: " << result;
+ logger << log4cpp::Priority::ERROR << "Failed to set process name for " << process_name;
+ }
++#endif
+
+ return true;
+ }
diff --git a/net/fastnetmon/patches/patch-src_notify_about_attack_sh b/net/fastnetmon/patches/patch-src_notify_about_attack_sh
new file mode 100644
index 00000000000..aef11be9bae
--- /dev/null
+++ b/net/fastnetmon/patches/patch-src_notify_about_attack_sh
@@ -0,0 +1,12 @@
+Index: src/notify_about_attack.sh
+--- src/notify_about_attack.sh.orig
++++ src/notify_about_attack.sh
+@@ -9,7 +9,7 @@
+ # $4 Attack action: ban or unban
+ #
+
+-email_notify="please_fix_this_email@domain.com"
++email_notify="please_fix_this_email@example.com"
+
+ # For ban action we will receive attack details to stdin
+ # Please do not remove "cat" command because
diff --git a/net/fastnetmon/pkg/DESCR b/net/fastnetmon/pkg/DESCR
new file mode 100644
index 00000000000..2a2c4320844
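Review bot: In the second inner hunk of patch-src_fast_library_cpp, the new BSD branch hands `new_process_name` to `pthread_set_name_np()` directly after the unchanged `strcpy(new_process_name, process_name.c_str());` into a 16-byte stack buffer. `set_boost_process_name` begins above the hunk, so a length check may already exist there; if it does not, any name longer than 15 bytes overflows the buffer before either branch runs. Since the port already patches this function, replacing that line with `strlcpy(new_process_name, process_name.c_str(), sizeof(new_process_name));` would bound the copy regardless of the caller. Dropping the error report on the BSD branch is expected, because `pthread_set_name_np()` returns void.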
--- /dev/null
+++ b/net/fastnetmon/pkg/DESCR
@@ -0,0 +1,8 @@
+FastNetMon is a very high performance DDoS detector built on top of
+multiple packet capture engines: NetFlow, IPFIX, sFLOW.
+
+It could detect malicious traffic in your network and immediately block
+it with BGP blackhole or BGP flow spec rules.
+
+It has solid support for all top network vendors and has unlimited
+scalability due to flexible design.
diff --git a/net/fastnetmon/pkg/PLIST b/net/fastnetmon/pkg/PLIST
new file mode 100644
index 00000000000..92b299fd3b1
--- /dev/null
+++ b/net/fastnetmon/pkg/PLIST
@@ -0,0 +1,29 @@
+@newgroup _fastnetmon:814
+@newuser _fastnetmon:814:_fastnetmon::FastNetMon User:/nonexistent:/sbin/nologin
+@extraunexec rm -rf /var/log/fastnetmon/*
+@extraunexec rm -rf /var/log/fastnetmon_attacks/*
+@rcscript ${RCDIR}/fastnetmon
+@bin bin/fastnetmon_api_client
+@bin bin/fastnetmon_client
+@man man/man1/fastnetmon_client.1
+@man man/man8/fastnetmon.8
+@bin sbin/fastnetmon
+share/doc/pkg-readmes/${PKGSTEM}
+share/examples/fastnetmon/
+@sample ${SYSCONFDIR}/fastnetmon/
+share/examples/fastnetmon/fastnetmon.conf
+@sample ${SYSCONFDIR}/fastnetmon/fastnetmon.conf
+share/examples/fastnetmon/fastnetmon_notify.py
+share/examples/fastnetmon/ipfix_csv_processor.pl
+share/examples/fastnetmon/networks_list
+@sample ${SYSCONFDIR}/fastnetmon/networks_list
+share/examples/fastnetmon/networks_whitelist
+@sample ${SYSCONFDIR}/fastnetmon/networks_whitelist
+share/examples/fastnetmon/notify_about_attack.sh
+@sample ${SYSCONFDIR}/fastnetmon/notify_about_attack.sh
+share/examples/fastnetmon/notify_with_discord.sh
+share/examples/fastnetmon/notify_with_slack.sh
+@owner _fastnetmon
+@group _fastnetmon
+@sample /var/log/fastnetmon/
+@sample /var/log/fastnetmon_attacks/
diff --git a/net/fastnetmon/pkg/README b/net/fastnetmon/pkg/README
new file mode 100644
index 00000000000..2efac1be119
--- /dev/null
+++ b/net/fastnetmon/pkg/README
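Review bot: The two log directories at the end of PLIST are created under `@owner _fastnetmon` and `@group _fastnetmon` with no `@mode`, so they get the default directory mode. If the logs or the attack reports written there carry traffic details (the CMake patch names the second path the attack details folder), adding `@mode 750` before `@sample /var/log/fastnetmon/` would keep them away from other local users. The `@sample ${SYSCONFDIR}/fastnetmon/` entries, including notify_about_attack.sh, come before `@owner`, so they appear to stay under the default owner and the daemon user cannot rewrite the script it is configured to run; that ordering is worth keeping if the list is edited later.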
@@ -0,0 +1,27 @@
++-----------------------------------------------------------------------
+| Running ${PKGSTEM} on OpenBSD
++-----------------------------------------------------------------------
+
+NetFlow input from pf
+---------------------
+By default FastNetMon listens on port 2055 for incoming NetFlow data. This can
+be obtained from pflow(4). Minimal pf.conf addition to export all states through
+pflow(4):
+
+ set state-defaults pflow
+
+And create a pflow0 with:
+
+ # ifconfig pflow0 flowsrc 127.0.0.1 flowdst 127.0.0.1:2055
+
+The default protocol version (5) works fine with FastNetMon.
+
+Configuration
+-------------
+At the very minimum the known networks need to be recorded in
+${SYSCONFDIR}/fastnetmon/networks_list in CIDR notation, otherwise all traffic
+is classified as "other traffic".
+
+Also a notification script needs to be configured and installed to actually
+perform a ban. A stub is provided in
+${PREFIX}/share/examples/fastnetmon/notify_about_attack.sh
diff --git a/net/fastnetmon/pkg/fastnetmon.rc b/net/fastnetmon/pkg/fastnetmon.rc
new file mode 100644
index 00000000000..439aed64e93
--- /dev/null
+++ b/net/fastnetmon/pkg/fastnetmon.rc
@@ -0,0 +1,12 @@
+#!/bin/ksh
+
+daemon="${TRUEPREFIX}/sbin/fastnetmon --daemonize"
+daemon_user="_fastnetmon"
+
+. /etc/rc.d/rc.subr
+
+rc_pre() {
+ install -d -m 750 -o ${daemon_user} /var/run/fastnetmon
+}
+
+rc_cmd $1