From 517bebfd8f7ab9b7741dd3016fd30a0686e4907b Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Jul 24 2012 12:01:53 +0000
Subject: add devlookup patch: search for suitable default

interface, if -i is not specified (#842660)

---

diff --git a/arpwatch-2.1a15-devlookup.patch b/arpwatch-2.1a15-devlookup.patch
new file mode 100644
index 0000000..78cbdb1
--- /dev/null
+++ b/arpwatch-2.1a15-devlookup.patch
@@ -0,0 +1,118 @@
+--- arpwatch-2.1a15-dist/arpwatch.c	2012-07-23 09:55:35.832458313 +0200
++++ arpwatch-2.1a15-new/arpwatch.c	2012-07-24 11:36:59.013953071 +0200
+@@ -161,15 +161,63 @@ void dropprivileges(const char* user)
+ 	syslog(LOG_DEBUG, "Running as uid=%d gid=%d", getuid(), getgid());
+ }
+ 
++char *
++get_first_dev(pcap_t **pd, int *linktype, char *errbuf)
++{
++	static char interface[IF_NAMESIZE + 1];
++	register int snaplen, timeout;
++	pcap_if_t *alldevs;
++	pcap_if_t *dev;
++	char *ret = NULL;
++
++	snaplen = max(sizeof(struct ether_header),
++				  sizeof(struct fddi_header)) + sizeof(struct ether_arp);
++	timeout = 1000;
++
++	if (pcap_findalldevs(&alldevs, errbuf) == -1) {
++		(void)fprintf(stderr, "%s: lookup_device: %s\n",
++					  prog, errbuf);
++		exit(1);
++	}
++
++	for (dev = alldevs; dev; dev = dev->next) {
++		strncpy(interface, dev->name, strlen(dev->name)+1);
++
++		*pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++		if (*pd == NULL) {
++			syslog(LOG_ERR, "pcap open %s: %s, trying next...", interface, errbuf);
++			continue;
++			/* exit(1); */
++		}
++
++		*linktype = pcap_datalink(*pd);
++		/* Must be ethernet or fddi */
++		if (*linktype != DLT_EN10MB && *linktype != DLT_FDDI) {
++			syslog(LOG_ERR, "(%s) Link layer type %d not ethernet or fddi, trying next...",
++				   interface, *linktype);
++			pcap_close(*pd);
++		}
++		else {
++			/* First match, use it */
++			ret = interface;
++			break;
++		}
++
++	}
++	pcap_freealldevs(alldevs);
++	return (ret);
++}
++
+ int
+ main(int argc, char **argv)
+ {
+ 	register char *cp;
+-	register int op, pid, snaplen, timeout, linktype, status;
++	register int op, pid, status;
++	int linktype;
+ #ifdef TIOCNOTTY
+ 	register int fd;
+ #endif
+-	register pcap_t *pd;
++	pcap_t *pd;
+ 	register char *interface, *rfilename;
+ 	struct bpf_program code;
+ 	char errbuf[PCAP_ERRBUF_SIZE];
+@@ -189,6 +237,7 @@ main(int argc, char **argv)
+ 
+ 	opterr = 0;
+ 	interface = NULL;
++	linktype = -1;
+ 	rfilename = NULL;
+ 	pd = NULL;
+ 	while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
+@@ -264,11 +313,12 @@ main(int argc, char **argv)
+ 		net = 0;
+ 		netmask = 0;
+ 	} else {
++
+ 		/* Determine interface if not specified */
+ 		if (interface == NULL &&
+-		    (interface = pcap_lookupdev(errbuf)) == NULL) {
+-			(void)fprintf(stderr, "%s: lookup_device: %s\n",
+-			    prog, errbuf);
++			(interface = get_first_dev(&pd, &linktype, errbuf)) == NULL) {
++			(void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
++						  prog);
+ 			exit(1);
+ 		}
+ 
+@@ -317,10 +367,6 @@ main(int argc, char **argv)
+ 		}
+ 		swapped = pcap_is_swapped(pd);
+ 	} else {
+-		snaplen = max(sizeof(struct ether_header),
+-		    sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+-		timeout = 1000;
+-		pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
+ 		if (pd == NULL) {
+ 			syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+ 			exit(1);
+@@ -340,14 +386,6 @@ main(int argc, char **argv)
+ 		dropprivileges( serveruser );
+ 	}
+ 
+-	/* Must be ethernet or fddi */
+-	linktype = pcap_datalink(pd);
+-	if (linktype != DLT_EN10MB && linktype != DLT_FDDI) {
+-		syslog(LOG_ERR, "Link layer type %d not ethernet or fddi",
+-		    linktype);
+-		exit(1);
+-	}
+-
+ 	/* Compile and install filter */
+ 	if (pcap_compile(pd, &code, "arp or rarp", 1, netmask) < 0) {
+ 		syslog(LOG_ERR, "pcap_compile: %s", pcap_geterr(pd));
diff --git a/arpwatch.spec b/arpwatch.spec
index a2fd630..8efaeea 100644
--- a/arpwatch.spec
+++ b/arpwatch.spec
@@ -3,7 +3,7 @@
 Name: arpwatch
 Epoch: 14
 Version: 2.1a15
-Release: 21%{?dist}
+Release: 22%{?dist}
 Summary: Network monitoring tools for tracking IP addresses on a network
 Group: Applications/System
 License: BSD with advertising
@@ -34,6 +34,7 @@ Patch9: arpwatch-2.1a15-bogon.patch
 Patch10: arpwatch-2.1a15-extraman.patch
 Patch11: arpwatch-exitcode.patch
 Patch12: arpwatch-2.1a15-dropgroup.patch
+Patch13: arpwatch-2.1a15-devlookup.patch
 
 %description
 The arpwatch package contains arpwatch and arpsnmp.  Arpwatch and
@@ -60,6 +61,7 @@ network.
 %patch10 -p1 -b .extraman
 %patch11 -p1 -b .exitcode
 %patch12 -p1 -b .dropgroup
+%patch13 -p1 -b .devlookup
 
 %build
 %configure
@@ -146,6 +148,10 @@ fi
 %attr(-,arpwatch,arpwatch) %verify(not md5 size mtime) %config(noreplace) %{_vararpwatch}/ethercodes.dat
 
 %changelog
+* Tue Jul 24 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-22
+- add devlookup patch: search for suitable default interface, if -i is not
+  specified (#842660)
+
 * Thu Jul 19 2012 Jan Synáček <jsynacek@redhat.com> - 14:2.1a15-21
 - make spec slightly more fedora-review-friendly