From: Omar Polo Subject: Re: [NEW]: net/hopm - open-proxy monitor irc bot To: Chaz Kettleson Cc: ports@openbsd.org Date: Wed, 14 Aug 2024 12:13:53 +0200 On 2024/08/14 12:02:46 +0200, Omar Polo wrote: > Hello, > > On 2024/08/11 15:20:32 -0400, Chaz Kettleson wrote: > > On Sun, Aug 04, 2024 at 02:23:15PM GMT, Chaz Kettleson wrote: > > > On Sat, Jul 27, 2024 at 09:11:57AM GMT, chaz@pyr3x.com wrote: > > > > On Tue, Jul 23, 2024 at 08:02:08PM GMT, chaz@pyr3x.com wrote: > > > > > On Tue, Jul 23, 2024 at 07:49:47PM GMT, chaz@pyr3x.com wrote: > > > > > > On Sun, Jul 21, 2024 at 11:35:16AM GMT, chaz@pyr3x.com wrote: > > > > > > > Hello, > > > > > > > > > > > > > > Attached is a new port HOPM. > > > > > > > > > > > > > > HOPM (Hybrid Open Proxy Monitor) is an open-proxy monitoring bot > > > > > > > designed to monitor an individual server (all servers on the network > > > > > > > have to run their own bot if the IRCd does not support the "far > > > > > > > connect" user mode) with a local operator {} block and monitor > > > > > > > connections. When a client connects to a server, HOPM will scan the > > > > > > > connection for insecure proxies. Insecure proxies are determined > > > > > > > by attempting to connect the proxy back to another host (usually > > > > > > > the IRC server in question). > > > > > > > > > > > > > > HOPM is written ground-up in C language and it is an improved fork > > > > > > > of BOPM (blitzed open proxy monitor), which is a concept derived > > > > > > > from wgmon. It improves on wgmon with HTTP support, faster scanning > > > > > > > (it can scan clients simultaneously), better layout (scalability) > > > > > > > and DNSBL support. > > > > > > > > > > > > > > Looking for comments/feedback/testing to get this committed. > > Some nits: > > - we can use DIST_TUPLE instead of SITES since upstream doesn't provide > a distribution tarball. > - we can avoid patching the makefile and instead setting `sysconfdir' in > FAKE_FLAGS. > - some of the patches didn't apply, had to regen them. ops, i typoed the version when moving to DIST_TUPLE, no wonders some patches failed to apply... Sorry. Attaching now a fixed tarball. I've added some commentary to the patches and added one to fix the printing of one time_t. > > [...] > > > > > > > diff --git a/infrastructure/db/user.list b/infrastructure/db/user.list > > > > > > > index 06bf2693c54..2189f6cd89e 100644 > > > > > > > --- a/infrastructure/db/user.list > > > > > > > +++ b/infrastructure/db/user.list > > > > > > > @@ -408,3 +408,4 @@ id user group port > > > > > > > 897 _croc _croc sysutils/croc > > > > > > > 898 _icingadb _icingadb net/icinga/icingadb > > > > > > > 899 _openhab _openhab misc/openhab > > > > > > > +900 _hopm _hopm net/hopm > > - Instead of using 900 we can reuse another UID, I'd prefer not to get > too close to 1000. > > cvs blame user.list | awk '/#/{print $3, $7}' | sort -t- -k3 > > suggests _nginx that was retired in 2012. > > > > > > > Added patches for pledge/unveil. > > I'd postpone these for now if you agree. It'll require me more time to > feel confident about these changes, so let's get hopm in the tree and > then add pledge. > > > I'm attaching an updated tarball and the user.list diff that's ok op@ to > import. I don't run IRCd so can't really test this at runtime, but the > port now looks fine to me. > > > Index: user.list > =================================================================== > RCS file: /home/cvs/ports/infrastructure/db/user.list,v > diff -u -p -r1.446 user.list > --- user.list 16 Jul 2024 20:25:49 -0000 1.446 > +++ user.list 14 Aug 2024 09:25:04 -0000 > @@ -101,7 +101,7 @@ id user group port > 590 _smsd _smsd comms/smstools > 591 _bacula _bacula sysutils/bacula > 592 _imapproxy _imapproxy mail/imapproxy > -#593 _nginx _nginx www/nginx > +593 _hopm _hopm net/hopm > #594 _ejabberd _ejabberd net/ejabberd > 595 _poppassd _poppassd sysutils/openpoppassd > #596 _heartbeat _heartbeat sysutils/heartbeat