Merge pull request #115325 from 0x4A6F/master-nethoscope

nethoscope: init at 0.1.1
2022-04-09 17:56:31 +01:00 · 2022-04-09 17:56:31 +01:00 · 456ead74f5
parent 7689f188c9 a876b46fef
commit 456ead74f5
6 changed files with 101 additions and 0 deletions
--- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
+++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml
@ -130,6 +130,13 @@
          <link xlink:href="option.html#opt-services.matrix-conduit.enable">services.matrix-conduit</link>.
        </para>
      </listitem>
+      <listitem>
+        <para>
+          <link xlink:href="https://github.com/vvilhonen/nethoscope">nethoscope</link>,
+          listen to your network traffic. Available as
+          <link linkend="opt-programs.nethoscope.enable">programs.nethoscope</link>.
+        </para>
+      </listitem>
      <listitem>
        <para>
          <link xlink:href="https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html">filebeat</link>,
--- a/nixos/doc/manual/release-notes/rl-2205.section.md
+++ b/nixos/doc/manual/release-notes/rl-2205.section.md
@ -41,6 +41,8 @@ In addition to numerous new and upgraded packages, this release has the followin

 - [matrix-conduit](https://conduit.rs/), a simple, fast and reliable chat server powered by matrix. Available as [services.matrix-conduit](option.html#opt-services.matrix-conduit.enable).

+- [nethoscope](https://github.com/vvilhonen/nethoscope), listen to your network traffic. Available as [programs.nethoscope](#opt-programs.nethoscope.enable).
+
 - [filebeat](https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-overview.html), a lightweight shipper for forwarding and centralizing log data. Available as [services.filebeat](#opt-services.filebeat.enable).

 - [apfs](https://github.com/linux-apfs/linux-apfs-rw), a kernel module for mounting the Apple File System (APFS).
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@ -185,6 +185,7 @@
  ./programs/nbd.nix
  ./programs/nix-ld.nix
  ./programs/neovim.nix
+  ./programs/nethoscope.nix
  ./programs/nm-applet.nix
  ./programs/nncp.nix
  ./programs/npm.nix
--- a/nixos/modules/programs/nethoscope.nix
+++ b/nixos/modules/programs/nethoscope.nix
@ -0,0 +1,30 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.programs.nethoscope;
+in
+{
+  meta.maintainers = with maintainers; [ _0x4A6F ];
+
+  options = {
+    programs.nethoscope = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to add nethoscope to the global environment and configure a
+          setcap wrapper for it.
+        '';
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ nethoscope ];
+    security.wrappers.nethoscope = {
+      source = "${pkgs.nethoscope}/bin/nethoscope";
+      capabilities = "cap_net_raw,cap_net_admin=eip";
+    };
+  };
+}
--- a/pkgs/tools/networking/nethoscope/default.nix
+++ b/pkgs/tools/networking/nethoscope/default.nix
@ -0,0 +1,59 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, rustPlatform
+, pkg-config
+, alsa-lib
+, libpcap
+, expect
+}:
+
+rustPlatform.buildRustPackage rec {
+  pname = "nethoscope";
+  version = "0.1.1";
+
+  src = fetchFromGitHub {
+    owner = "vvilhonen";
+    repo = "nethoscope";
+    rev = "v${version}";
+    sha256 = "0dsv1f0ncwji8x7q1ix62955qji4jijgjx6xg3hxvl0vvvwqxcdz";
+  };
+
+  cargoSha256 = "0cl0i4m8fxyxfib95x90x6qr284y41wwgwqhflyfa7d3r6qwq8nk";
+
+  nativeBuildInputs = [
+    pkg-config
+  ];
+  buildInputs = [
+    alsa-lib
+    libpcap
+  ];
+
+  LD_LIBRARY_PATH = lib.makeLibraryPath [
+    libpcap
+    alsa-lib
+  ];
+
+  doInstallCheck = true;
+  installCheckPhase = ''
+    if [[ "$(${expect}/bin/unbuffer "$out/bin/${pname}" --help 2> /dev/null | strings | grep ${version} | tr -d '\n')" == " ${version}" ]]; then
+      echo '${pname} smoke check passed'
+    else
+      echo '${pname} smoke check failed'
+      return 1
+    fi
+  '';
+
+  meta = with lib; {
+    description = "Listen to your network traffic";
+    longDescription = ''
+      Employ your built-in wetware pattern recognition and
+      signal processing facilities to understand your network traffic.
+    '';
+    homepage = "https://github.com/vvilhonen/nethoscope";
+    license = licenses.isc;
+    maintainers = with maintainers; [ _0x4A6F ];
+    platforms = platforms.linux;
+  };
+
+}
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -8214,6 +8214,8 @@ with pkgs;

  nethogs = callPackage ../tools/networking/nethogs { };

+  nethoscope = callPackage ../tools/networking/nethoscope { };
+
  netkittftp = callPackage ../tools/networking/netkit/tftp { };

  netlify-cli = callPackage ../development/web/netlify-cli { };