net-mgmt/pfSense-pkg-ANDwatch: Add ANDwatch package. Implement #16070.

Author: dennypage

net-mgmt/pfSense-pkg-ANDwatch/Makefile

@@ -0,0 +1,51 @@
+
+PORTNAME=	pfSense-pkg-ANDwatch
+PORTVERSION=	2.1
+CATEGORIES=	net-mgmt
+MASTER_SITES=	# empty
+DISTFILES=	# empty
+
+MAINTAINER=	dennypage@me.com
+COMMENT=	pfSense package ANDwatch
+WWW=		https://github.com/dennypage/andwatch
+
+LICENSE=	APACHE20
+
+RUN_DEPENDS=	andwatch>=2.1.0:net-mgmt/andwatch
+
+NO_BUILD=	yes
+NO_MTREE=	yes
+
+SUB_FILES=	pkg-install pkg-deinstall
+SUB_LIST=	PORTNAME=${PORTNAME}
+
+do-extract:
+	${MKDIR} ${WRKSRC}
+
+do-install:
+	${MKDIR} ${STAGEDIR}${PREFIX}/pkg
+	${MKDIR} ${STAGEDIR}/etc/inc/priv
+	${MKDIR} ${STAGEDIR}${PREFIX}/www/shortcuts
+	${MKDIR} ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/pkg/andwatch.xml \
+		${STAGEDIR}${PREFIX}/pkg
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/pkg/andwatch.inc \
+		${STAGEDIR}${PREFIX}/pkg
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/pkg/andwatch-notify.php \
+		${STAGEDIR}${PREFIX}/pkg
+	${INSTALL_DATA} ${FILESDIR}/etc/inc/priv/andwatch.priv.inc \
+		${STAGEDIR}/etc/inc/priv
+	${INSTALL_DATA} ${FILESDIR}${DATADIR}/info.xml \
+		${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/shortcuts/pkg_andwatch.inc \
+		${STAGEDIR}${PREFIX}/www/shortcuts
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/andwatch.php \
+		${STAGEDIR}${PREFIX}/www
+	${INSTALL_DATA} ${FILESDIR}${PREFIX}/www/status_andwatch.php \
+		${STAGEDIR}${PREFIX}/www
+	${CHMOD} 555 ${STAGEDIR}${PREFIX}/pkg/andwatch-notify.php
+
+	@${REINPLACE_CMD} -i '' -e "s|%%PKGVERSION%%|${PKGVERSION}|" \
+		${STAGEDIR}${DATADIR}/info.xml
+
+.include <bsd.port.mk>

net-mgmt/pfSense-pkg-ANDwatch/files/etc/inc/priv/andwatch.priv.inc

@@ -0,0 +1,36 @@
+<?php
+/*
+ * andwatch.priv.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2025 Denny Page
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+global $priv_list;
+
+$priv_list['page-services-andwatch'] = array();
+$priv_list['page-services-andwatch']['name'] = "WebCfg - Services: ANDwatch";
+$priv_list['page-services-andwatch']['descr'] = "Access the ANDwatch package configuration";
+$priv_list['page-services-andwatch']['match'] = array();
+$priv_list['page-services-andwatch']['match'][] = "andwatch.php";
+
+$priv_list['page-status-andwatch'] = array();
+$priv_list['page-status-andwatch']['name'] = "WebCfg - Status: ANDwatch Database";
+$priv_list['page-status-andwatch']['descr'] = "Access the ANDwatch package database";
+$priv_list['page-status-andwatch']['match'] = array();
+$priv_list['page-status-andwatch']['match'][] = "status_andwatch.php*";
+
+?>

net-mgmt/pfSense-pkg-ANDwatch/files/pkg-deinstall.in

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+/usr/local/bin/php -f /etc/rc.packages %%PORTNAME%% ${2}

net-mgmt/pfSense-pkg-ANDwatch/files/pkg-install.in

@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ "${2}" != "POST-INSTALL" ]; then
+	exit 0
+fi
+
+${PKG_ROOTDIR}/usr/local/bin/php -f ${PKG_ROOTDIR}/etc/rc.packages %%PORTNAME%% ${2}

net-mgmt/pfSense-pkg-ANDwatch/files/usr/local/pkg/andwatch-notify.php

@@ -0,0 +1,25 @@
+#!/usr/bin/env php
+<?php
+require_once("notices.inc");
+
+$timestamp=$argv[1];
+$ifname=convert_real_interface_to_friendly_descr($argv[2]);
+$hostname=$argv[3];
+$ipaddr=$argv[4];
+$new_hwaddr=$argv[5];
+$new_hwaddr_org=$argv[6];
+$old_hwaddr=$argv[7];
+$old_hwaddr_org=$argv[8];
+
+$msg = "\nANDwatch notificaton\n\n";
+$msg .= sprintf("%22s: %s\n", "timestamp", $timestamp);
+$msg .= sprintf("%22s: %s\n", "interface", $ifname);
+$msg .= sprintf("%22s: %s\n", "hostname", $hostname);
+$msg .= sprintf("%22s: %s\n", "ip address", $ipaddr);
+$msg .= sprintf("%22s: %s\n", "new ethernet address", $new_hwaddr);
+$msg .= sprintf("%22s: %s\n", "new ethernet org", $new_hwaddr_org);
+$msg .= sprintf("%22s: %s\n", "old ethernet address", $old_hwaddr);
+$msg .= sprintf("%22s: %s\n", "old ethernet org", $old_hwaddr_org);
+
+notify_all_remote($msg);
+?>

net-mgmt/pfSense-pkg-ANDwatch/files/usr/local/pkg/andwatch.inc

@@ -0,0 +1,201 @@
+<?php
+/*
+ * andwatch.inc
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2025 Denny Page
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+require_once("config.inc");
+require_once("functions.inc");
+require_once("util.inc");
+require_once("service-utils.inc");
+
+const ANDWATCH_SVC_NAME = 'andwatchd';
+const ANDWATCH_RC_FILE = '/usr/local/etc/rc.d/andwatch.sh';
+const ANDWATCHD_CMD = '/usr/local/bin/andwatchd';
+const ANDWATCHD_NOTIFY_CMD = '/usr/local/pkg/andwatch-notify.php';
+const ANDWATCHD_PID_PREFIX = '/var/run/andwatch-';
+const ANDWATCH_MA_DB_FILE = '/var/db/andwatch/ma_db.sqlite';
+const ANDWATCH_UPDATE_MA_CMD = '/usr/local/bin/andwatch-update-ma';
+const ANDWATCH_QUERY_CMD = '/usr/local/bin/andwatch-query';
+
+$shortcut_section = 'andwatch';
+
+// Is ANDwatch enabled?
+function andwatch_enabled() {
+	return (config_get_path('installedpackages/andwatch/enable', false));
+}
+
+
+// Write the rc file
+function andwatch_write_rcfile() {
+	// Get the current configuration
+	$current_config = config_get_path('installedpackages/andwatch');
+
+	// Get the real interface names
+	$interfaces = array();
+	foreach (array_filter(explode(',', array_get_path($current_config, 'active_interfaces', ''))) as $interface) {
+		$interface_name = get_real_interface($interface);
+		if (!isset($interface_name)) {
+			continue;
+		}
+		$interfaces[$interface] = $interface_name;
+	}
+
+	// Ensure the assignments database exists
+	$start = "if [ \! -f " . ANDWATCH_MA_DB_FILE . " ]\n";
+	$start .= "\tthen\n";
+	$start .= "\t\techo Updating MAC Assignments database\n";
+	$start .= "\t\t" . ANDWATCH_UPDATE_MA_CMD . "\n";
+	$start .= "\tfi\n\n";
+
+	// Individual daemons
+	$start .= "\techo Starting ANDwatch daemons";
+	foreach ($interfaces as $interface => $real_interface) {
+		// Basic configuration with syslog and pid file
+		$cmd = ANDWATCHD_CMD . " -s -p " . ANDWATCHD_PID_PREFIX . "{$real_interface}.pid";
+
+		// Notifications
+		if (array_get_path($current_config, "interfaces/{$interface}/notifications", false)) {
+			$cmd .= " -n " . ANDWATCHD_NOTIFY_CMD;
+		}
+
+		// Expiration (andwatchd default is 30)
+		$expiration = array_get_path($current_config, "interfaces/{$interface}/expiration", '30');
+		if (is_numericint($expiration) && ($expiration != '30')) {
+			$cmd .= " -O {$expiration}";
+		}
+
+		// PCAP filter
+		$filter = null;
+		switch (array_get_path($current_config, "interfaces/{$interface}/pcap_filter", 'none')) {
+			case 'link-local':
+				$filter = "'not net 169.254.0.0/16 and not net fe80::0/10'";
+				break;
+			case 'link-local-unique':
+				$filter = "'not net 169.254.0.0/16 and not net fe80::0/10 and not net fc00::0/7'";
+				break;
+			case 'custom':
+				$filter = escapeshellarg(trim(array_get_path($current_config, "interfaces/{$interface}/custom_filter")));
+				break;
+		}
+		if (!empty($filter)) {
+			$cmd .= " -F " . $filter;
+		}
+
+		$cmd .= " {$real_interface}";
+		$start .= "\n\t{$cmd}";
+	}
+
+	// Write the rc file
+	$stop = '/usr/bin/killall ' . ANDWATCH_SVC_NAME;
+	write_rcfile(array(
+		"file" => "andwatch.sh",
+		"start" => $start,
+		"stop" => $stop
+		)
+	);
+}
+
+
+// Sync the config
+function andwatch_sync_config() {
+	// Stop the service if it is currently running
+	if (is_service_running(ANDWATCH_SVC_NAME)) {
+		log_error("Stopping service ANDwatch");
+		stop_service(ANDWATCH_SVC_NAME);
+	}
+
+	// If the service is now disabled, remove the cron job and rc file
+	if (!andwatch_enabled()) {
+		install_cron_job(ANDWATCH_UPDATE_MA_CMD, false);
+		unlink_if_exists(ANDWATCH_RC_FILE);
+		return;
+	}
+
+	// Set a cron job to update the MAC registration database
+ 	$cron_already_installed = false;
+ 	foreach (config_get_path('cron/item', []) as $item) {
+ 		if ($item['command'] == ANDWATCH_UPDATE_MA_CMD) {
+ 			$cron_already_installed = true;
+ 			break;
+ 		}
+ 	}
+ 	if ($cron_already_installed == false) {
+ 		install_cron_job(ANDWATCH_UPDATE_MA_CMD, true, rand(0,59), rand(0,23), '1,15', '*', '*', 'root', true);
+ 	}
+
+	// Write the rc file
+	andwatch_write_rcfile();
+
+	// Take no further action during platform boot
+	if (is_platform_booting()) {
+		return;
+	}
+
+	// Start the service
+	log_error("Starting service ANDwatch");
+	start_service(ANDWATCH_SVC_NAME);
+}
+
+
+// Clean up on deinstall
+function andwatch_deinstall_command() {
+	if (is_service_running(ANDWATCH_SVC_NAME)) {
+		log_error("Stopping service ANDwatch");
+		stop_service(ANDWATCH_SVC_NAME);
+	}
+
+	install_cron_job(ANDWATCH_UPDATE_MA_CMD, false);
+	unlink_if_exists(ANDWATCH_RC_FILE);
+}
+
+
+// Run a query
+function andwatch_query_interface($ifname, $all = false)
+{
+	$entries = array();
+
+	// Build the query command
+	$cmd = ANDWATCH_QUERY_CMD;
+	if ($all) {
+		$cmd .= ' -a';
+	}
+	$cmd .= ' ' . get_real_interface($ifname);
+
+	// Run the query
+	$pipe = popen($cmd, 'r');
+	if ($pipe) {
+		while ($line = fgets($pipe)) {
+			list($date, $time, $age, $hostname, $ipaddr, $hwaddr, $org) = sscanf(trim($line), '%s %s %s %s %s %s %[^$]s');
+			$entry = [
+				'datetime' => "$date $time",
+				'age' => $age,
+				'hostname' => $hostname,
+				'ipaddr' => $ipaddr,
+				'hwaddr' => $hwaddr,
+				'org' => $org
+			];
+			$entries[] = $entry;
+		}
+		pclose($pipe);
+	}
+
+	return $entries;
+}
+
+?>

net-mgmt/pfSense-pkg-ANDwatch/files/usr/local/pkg/andwatch.xml

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<!DOCTYPE packagegui SYSTEM "../schema/packages.dtd">
+<?xml-stylesheet type="text/xsl" href="../xsl/package.xsl"?>
+<packagegui>
+	<copyright>
+	<![CDATA[
+/*
+ * andwatch.xml
+ *
+ * part of pfSense (https://www.pfsense.org)
+ * Copyright (c) 2025 Denny Page
+ * All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+	]]>
+	</copyright>
+	<name>andwatch</name>
+	<title>Services: ANDwatch</title>
+	<include_file>/usr/local/pkg/andwatch.inc</include_file>
+	<menu>
+		<name>ANDwatch</name>
+		<tooltiptext>ANDwatch Settings</tooltiptext>
+		<section>Services</section>
+		<url>/andwatch.php</url>
+	</menu>
+	<menu>
+		<name>ANDwatch Database</name>
+		<tooltiptext>ANDwatch Database</tooltiptext>
+		<section>Status</section>
+		<url>/status_andwatch.php</url>
+	</menu>
+	<service>
+		<name>andwatchd</name>
+		<rcfile>andwatch.sh</rcfile>
+		<executable>andwatchd</executable>
+		<description>ANDwatch Daemon</description>
+		<starts_on_sync></starts_on_sync>
+	</service>
+	<custom_php_resync_config_command>
+		andwatch_sync_config();
+	</custom_php_resync_config_command>
+	<custom_php_pre_deinstall_command>
+		andwatch_deinstall_command();
+	</custom_php_pre_deinstall_command>
+</packagegui>

net-mgmt/pfSense-pkg-ANDwatch/files/usr/local/share/pfSense-pkg-ANDwatch/info.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<pfsensepkgs>
+	<package>
+		<name>ANDwatch</name>
+		<website>https://github.com/dennypage/andwatch/</website>
+		<descr><![CDATA[ANDwatch monitors ARP and Neighbor Discovery activity, maintains a database of IP to Ethernet address mappings, and sends notifications when a mapping changes.]]></descr>
+		<version>%%PKGVERSION%%</version>
+		<configurationfile>andwatch.xml</configurationfile>
+	</package>
+</pfsensepkgs>