From: Chaz Kettleson <chaz@pyr3x.com>
Subject: Re: [NEW]: net/hopm - open-proxy monitor irc bot
To: Omar Polo <op@omarpolo.com>
Cc: ports@openbsd.org
Date: Wed, 14 Aug 2024 07:54:46 -0400

On Wed, Aug 14, 2024 at 12:13:53PM GMT, Omar Polo wrote:
> On 2024/08/14 12:02:46 +0200, Omar Polo <op@omarpolo.com> wrote:
> > Hello,
> > 
> > On 2024/08/11 15:20:32 -0400, Chaz Kettleson <chaz@pyr3x.com> wrote:
> > > On Sun, Aug 04, 2024 at 02:23:15PM GMT, Chaz Kettleson wrote:
> > > > On Sat, Jul 27, 2024 at 09:11:57AM GMT, chaz@pyr3x.com wrote:
> > > > > On Tue, Jul 23, 2024 at 08:02:08PM GMT, chaz@pyr3x.com wrote:
> > > > > > On Tue, Jul 23, 2024 at 07:49:47PM GMT, chaz@pyr3x.com wrote:
> > > > > > > On Sun, Jul 21, 2024 at 11:35:16AM GMT, chaz@pyr3x.com wrote:
> > > > > > > > Hello,
> > > > > > > > 
> > > > > > > > Attached is a new port HOPM.
> > > > > > > > 
> > > > > > > > HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot
> > > > > > > > designed to monitor an individual server (all servers on the network
> > > > > > > > have to run their own bot if the IRCd does not support the "far
> > > > > > > > connect" user mode) with a local operator {} block and monitor
> > > > > > > > connections. When a client connects to a server, HOPM will scan the
> > > > > > > > connection for insecure proxies. Insecure proxies are determined
> > > > > > > > by attempting to connect the proxy back to another host (usually
> > > > > > > > the IRC server in question).
> > > > > > > > 
> > > > > > > > HOPM is written ground-up in C language and it is an improved fork
> > > > > > > > of BOPM (blitzed open proxy monitor), which is a concept derived
> > > > > > > > from wgmon. It improves on wgmon with HTTP support, faster scanning
> > > > > > > > (it can scan clients simultaneously), better layout (scalability)
> > > > > > > > and DNSBL support.
> > > > > > > > 
> > > > > > > > Looking for comments/feedback/testing to get this committed.
> > 
> > Some nits:
> > 
> >  - we can use DIST_TUPLE instead of SITES since upstream doesn't provide
> >    a distribution tarball.

Makes sense.

> >  - we can avoid patching the makefile and instead set `sysconfdir' in
> >    FAKE_FLAGS.

This is much cleaner, thank you!

> >  - some of the patches didn't apply, had to regen them.
> 
> Oops, I typoed the version when moving to DIST_TUPLE, no wonder some
> patches failed to apply... Sorry.  Attaching now a fixed tarball.
> 
> I've added some commentary to the patches and added one to fix the
> printing of one time_t.

Perfect.

> 
> > > [...]
> > > > > > > > diff --git a/infrastructure/db/user.list b/infrastructure/db/user.list
> > > > > > > > index 06bf2693c54..2189f6cd89e 100644
> > > > > > > > --- a/infrastructure/db/user.list
> > > > > > > > +++ b/infrastructure/db/user.list
> > > > > > > > @@ -408,3 +408,4 @@ id  user		group		port
> > > > > > > >  897 _croc		_croc		sysutils/croc
> > > > > > > >  898 _icingadb		_icingadb	net/icinga/icingadb
> > > > > > > >  899 _openhab		_openhab	misc/openhab
> > > > > > > > +900 _hopm		_hopm		net/hopm
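Review bot: the `+900 _hopm` line reserves the id only in user.list, and nothing in this hunk shows the port's @newuser/@newgroup lines that must carry the same number. Please confirm they match, and update both together if the id changes during review.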
> > 
> >  - Instead of using 900 we can reuse another UID, I'd prefer not to get
> >    too close to 1000.
> > 
> > cvs blame user.list | awk '/#/{print $3, $7}' | sort -t- -k3
> > 
> >    suggests _nginx that was retired in 2012.
> > 
> > > > > > > Added patches for pledge/unveil.
> > 
> > I'd postpone these for now if you agree.  It'll require me more time to
> > feel confident about these changes, so let's get hopm in the tree and
> > then add pledge.

Sure. This was my first attempt using pledge/unveil so I'm not overly
confident I didn't mess something up. I have, however, been running this
for some time with these patches applied without issue.

> > 
> > 
> > I'm attaching an updated tarball and the user.list diff that's ok op@ to
> > import.  I don't run IRCd so can't really test this at runtime, but the
> > port now looks fine to me.

Thanks again for taking the time to review and the feedback!

> > 
> > 
> > Index: user.list
> > ===================================================================
> > RCS file: /home/cvs/ports/infrastructure/db/user.list,v
> > diff -u -p -r1.446 user.list
> > --- user.list	16 Jul 2024 20:25:49 -0000	1.446
> > +++ user.list	14 Aug 2024 09:25:04 -0000
> > @@ -101,7 +101,7 @@ id  user		group		port
> >  590 _smsd		_smsd		comms/smstools
> >  591 _bacula		_bacula		sysutils/bacula
> >  592 _imapproxy		_imapproxy	mail/imapproxy
> > -#593 _nginx		_nginx		www/nginx
> > +593 _hopm		_hopm		net/hopm
> >  #594 _ejabberd		_ejabberd	net/ejabberd
> >  595 _poppassd		_poppassd	sysutils/openpoppassd
> >  #596 _heartbeat		_heartbeat	sysutils/heartbeat
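Review bot: the `+593 _hopm` line takes over an id that the removed `#593 _nginx` line records as previously assigned to www/nginx, so a machine that still has an _nginx account or files owned by id 593 left over from that port could see a conflict with the old account, or have those files become owned by _hopm. Suggest naming the reuse of the _nginx id in the commit message, and making sure the port's @newuser/@newgroup lines move from 900 to 593 in the same import.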
> 

-- 
Chaz