Here is a patch to tct-1.07 fstools that adds ext2fs support to non-linux architectures. I have tested the modified tools during the challenges of the honeynet project to analyze linux filesystems on OpenBSD 2.8 and 2.9. I have added an ext2fs_emul.[ch] module, that is based on the existing tct ext2fs.c source, and OpenBSD's ext2fs related headers (thus, the headers have BSD license). I have added related defines to the fs_tools.h and there are slight changes to the Makefile and ffs.c (to use a zero dtime). The modifications are in the attached diff file. installation instructions: 1. change to src/fstools directory under tct-1.07 and extract the attached fstools.tgz file. You should have three files: fstools.diff: patch to the Makefile and fstools.h and ffs.c files ext2fs_emul.c, ext2fs_emul.h: emulation source and header 2. Apply the patch. patch <fstools.diff 3. If not using OpenBSD 2.x modify the the fstools.h header file by adding the following lines to the section related to your OS. #define HAVE_EXT2FS_EMUL #define EXT2FS_TYPE "ext2fs" #include "ext2fs_emul.h" #define HAVE_DTIME 4. Compile by running 'make' at the tct base directory. 5. now ils and icat utilities will have ext2fs support using the '-f ext2fs' switch. I only modified the OpenBSD section in the fs_tools.h but the sources should compile on any supported architecture after making appropriate changes to fstools.h There is still the endianness problem: you cannot read sparc ufs on i386 or i386 ext2fs on sparc. Therefore, the above patches are only useful on i386 *BSD and Solaris i386. I am planning to work on cross architecture reading of fs dumps but I do not have much time right now. Can E. Acar
This archive was generated by hypermail 2b30 : Tue Aug 07 2001 - 14:59:01 PDT