From 66cd056e677e4ef59faf72f972bb1d209a461def Mon Sep 17 00:00:00 2001
From: Jan Synacek
Date: Jan 26 2016 12:24:50 +0000
Subject: add -p option that disables promiscuous mode (#1301853)
Resolves: #1301853
---
diff --git a/arpwatch-promisc.patch b/arpwatch-promisc.patch
new file mode 100644
index 0000000..1a697e4
--- /dev/null
+++ b/arpwatch-promisc.patch
@@ -0,0 +1,106 @@
+--- a/arpwatch.8 2016-01-26 10:13:58.344326599 +0100
++++ b/arpwatch.8 2016-01-26 09:59:46.620048949 +0100
+@@ -27,7 +27,7 @@ arpwatch - keep track of ethernet/ip add
+ .na
+ .B arpwatch
+ [
+-.B -dN
++.B -dNp
+ ] [
+ .B -f
+ .I datafile
+@@ -70,6 +70,10 @@ background and emailing the reports. Ins
+ .IR stderr .
+ .LP
+ The
++.B -p
++flag disables promiscous mode.
++.LP
++The
+ .B -f
+ flag is used to set the ethernet/ip address database filename.
+ The default is
+diff -rup arpwatch-2.1a15/arpwatch.c arpwatch-2.1a15-new/arpwatch.c
+--- a/arpwatch.c 2016-01-26 10:13:58.356326563 +0100
++++ b/arpwatch.c 2016-01-26 10:13:37.273390029 +0100
+@@ -162,7 +162,7 @@ void dropprivileges(const char* user)
+ }
+ 
+ char *
+-try_dev(char *interface, pcap_t **pd, int *linktype, char *errbuf)
++try_dev(char *interface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ register int snaplen, timeout;
+ 
+@@ -170,7 +170,7 @@ try_dev(char *interface, pcap_t **pd, in
+ sizeof(struct fddi_header)) + sizeof(struct ether_arp);
+ timeout = 1000;
+ 
+- *pd = pcap_open_live(interface, snaplen, 1, timeout, errbuf);
++ *pd = pcap_open_live(interface, snaplen, promisc, timeout, errbuf);
+ if (NULL == *pd) {
+ syslog(LOG_ERR, "pcap open %s: %s", interface, errbuf);
+ return NULL;
+@@ -187,14 +187,14 @@ try_dev(char *interface, pcap_t **pd, in
+ }
+ 
+ char *
+-iterate_dev(char *arginterface, pcap_t **pd, int *linktype, char *errbuf)
++iterate_dev(char *arginterface, pcap_t **pd, int *linktype, int promisc, char *errbuf)
+ {
+ static char interface[64 + 1];
+ pcap_if_t *alldevs;
+ pcap_if_t *dev;
+ 
+ if (NULL != arginterface) {
+- return try_dev(arginterface, pd, linktype, errbuf);
++ return try_dev(arginterface, pd, linktype, promisc, errbuf);
+ } else {
+ if (pcap_findalldevs(&alldevs, errbuf) == -1) {
+ (void)fprintf(stderr, "%s: lookup_device: %s\n",
+@@ -203,7 +203,7 @@ iterate_dev(char *arginterface, pcap_t *
+ }
+ for (dev = alldevs; dev && (arginterface == NULL); dev = dev->next) {
+ strncpy(interface, dev->name, strlen(dev->name)+1);
+- arginterface = try_dev(interface, pd, linktype, errbuf);
++ arginterface = try_dev(interface, pd, linktype, promisc, errbuf);
+ }
+ pcap_freealldevs(alldevs);
+ return arginterface;
+@@ -224,6 +224,7 @@ main(int argc, char **argv)
+ struct bpf_program code;
+ char errbuf[PCAP_ERRBUF_SIZE];
+ char* serveruser = NULL;
++ int promisc = 1;
+ 
+ if (argv[0] == NULL)
+ prog = "arpwatch";
+@@ -242,7 +243,7 @@ main(int argc, char **argv)
+ linktype = -1;
+ rfilename = NULL;
+ pd = NULL;
+- while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:")) != EOF)
++ while ((op = getopt(argc, argv, "df:i:n:Nr:u:e:s:p")) != EOF)
+ switch (op) {
+ 
+ case 'd':
+@@ -304,6 +305,10 @@ main(int argc, char **argv)
+ }
+ break;
+ 
++ case 'p':
++ promisc = 0;
++ break;
++
+ default:
+ usage();
+ }
+@@ -317,7 +322,7 @@ main(int argc, char **argv)
+ } else {
+ 
+ /* Determine interface if not specified */
+- interface = iterate_dev(interface, &pd, &linktype, errbuf);
++ interface = iterate_dev(interface, &pd, &linktype, promisc, errbuf);
+ if (interface == NULL) {
+ (void)fprintf(stderr, "%s: lookup_device: no suitable interface found\n",
+ prog);
diff --git a/arpwatch.spec b/arpwatch.spec
index 17bb1ea..c07bf7e 100644
--- a/arpwatch.spec
+++ b/arpwatch.spec
@@ -39,6 +39,7 @@ Patch14: arpwatch-2.1a15-lookupiselect.patch
 Patch16: arpwatch-201301-ethcodes.patch
 Patch17: arpwatch-pie.patch
 Patch18: arpwatch-aarch64.patch
+Patch19: arpwatch-promisc.patch
 
 %description
 The arpwatch package contains arpwatch and arpsnmp. Arpwatch and
@@ -70,6 +71,7 @@ network.
 %patch16 -p1 -b .ethcode
 %patch17 -p1 -b .pie
 %patch18 -p1 -b .aarch64
+%patch19 -p1 -b .promisc
 
 %build
 %configure
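Review bot: The `-p` paragraph added to arpwatch.8 misspells the term (`promiscous`) and says nothing about what monitoring is given up, which is what an operator needs to know before enabling the flag. With `promisc = 0` handed to `pcap_open_live()` in `try_dev()`, the capture is normally limited to broadcast/multicast frames and frames addressed to the host itself, so unicast ARP replies exchanged between other stations would presumably go unreported. I would word it as `flag disables promiscuous mode; arpwatch then sees only broadcast ARP traffic and frames addressed to this host.` Separately, the unchanged context line `strncpy(interface, dev->name, strlen(dev->name)+1);` in `iterate_dev()` bounds the copy by the source length rather than by the 65-byte `interface` buffer; `snprintf(interface, sizeof(interface), "%s", dev->name);` would bound it by the destination.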
@@ -148,6 +150,7 @@ fi
 %changelog
 * Tue Jan 26 2016 Jan Synáček - 14:2.1a15-35
 - fix arpwatch buffer overflow (#1301880)
+- add -p option that disables promiscuous mode (#1301853)
 
 * Wed Jun 17 2015 Fedora Release Engineering - 14:2.1a15-34
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild