From e1c14c7f42865baa641ff3ed1d0899cd553be7c8 Mon Sep 17 00:00:00 2001
From: Graeme Connell
Date: Tue, 8 Jan 2019 11:21:50 -0700
Subject: [PATCH 1/2] Fix URL of MIT pcap data.
---
 integration_test/test.sh | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/integration_test/test.sh b/integration_test/test.sh
index 1ed93194..a2ccdd7a 100755
--- a/integration_test/test.sh
+++ b/integration_test/test.sh
@@ -19,6 +19,7 @@ PORT="${PORT-9123}"
 BASEDIR="${BASEDIR-/tmp}"
 SKIP_CLEANUP="${SKIP_CLEANUP}"
 SANITIZE="${SANITIZE}"
+PCAP_URL="ftp://ftp.ll.mit.edu/outgoing/darpa/data/2000/LLS_DDOS_1.0/data_and_labeling/tcpdump_inside/LLS_DDOS_1.0-inside.dump.gz"
 set -e
 cd $(dirname $0)
@@ -27,9 +28,7 @@ source ../lib.sh
 function PullDownTestData {
 if [ ! -f $BASEDIR/steno_integration_test.pcap ]; then
 Info "Pulling down pcap data"
- # Test data pulled from
- # http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000/LLS_DDOS_1.0.html
- curl -L 'http://www.ll.mit.edu/mission/communications/cyber/CSTcorpora/ideval/data/2000/LLS_DDOS_1.0/data_and_labeling/tcpdump_inside/LLS_DDOS_1.0-inside.dump.gz' > $BASEDIR/steno_integration_test.pcap.gz
+ curl -L "$PCAP_URL" > $BASEDIR/steno_integration_test.pcap.gz
 gunzip $BASEDIR/steno_integration_test.pcap.gz
 fi
 }
From 819925a49f9e81c587c9afb8392777add463deda Mon Sep 17 00:00:00 2001
From: Graeme Connell
Date: Tue, 22 Jan 2019 11:58:19 -0700
Subject: [PATCH 2/2] Add openat() seccomp.
Ubuntu seems to now use openat instead of open underlying the open() POSIX call.
---
 stenotype/stenotype.cc | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/stenotype/stenotype.cc b/stenotype/stenotype.cc
index e90cf795..36a62d9a 100644
--- a/stenotype/stenotype.cc
+++ b/stenotype/stenotype.cc
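Review bot: The archive that becomes the integration-test fixture is written straight from `curl` into `$BASEDIR/steno_integration_test.pcap.gz` and gunzipped with no integrity check, and the new `PCAP_URL` moves the fetch to plain FTP, which authenticates neither the server nor the bytes, so a truncated, corrupt or substituted file silently becomes the input the capture code is exercised against. Pin the digest of the known-good archive next to `PCAP_URL` (e.g. `PCAP_SHA256="..."`) and verify it before extracting: `echo "$PCAP_SHA256  $BASEDIR/steno_integration_test.pcap.gz" | sha256sum -c -`; with `set -e` in effect a mismatch then aborts the run instead of testing against unknown data. Quoting `"$BASEDIR"` in the `-f` test and the redirect would also keep a path containing spaces from word-splitting. `PullDownTestData` is complete within the hunk.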
@@ -370,6 +370,11 @@ void DropPacketThreadPrivileges() {
 ctx, SCMP_ACT_ALLOW, SCMP_SYS(open), 2,
 SCMP_A1(SCMP_CMP_EQ, O_WRONLY | O_CREAT | O_DSYNC | O_DIRECT),
 SCMP_A2(SCMP_CMP_EQ, 0600));
+ SECCOMP_RULE_ADD(
+ ctx, SCMP_ACT_ALLOW, SCMP_SYS(openat), 3,
+ SCMP_A0(SCMP_CMP_EQ, AT_FDCWD),
+ SCMP_A2(SCMP_CMP_EQ, O_WRONLY | O_CREAT | O_DSYNC | O_DIRECT),
+ SCMP_A3(SCMP_CMP_EQ, 0600));
 SECCOMP_RULE_ADD(ctx, SCMP_ACT_ALLOW, SCMP_SYS(getsockopt), 0);
 SECCOMP_RULE_ADD(ctx, SCMP_ACT_ALLOW, SCMP_SYS(rename), 0);
 #ifdef TESTIMONY
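Review bot: The new `openat` rule repeats the argument constraints of the `open` rule directly above it but carries no comment saying why both exist, so the only rationale lives in the commit message and a later reader is likely to drop one as redundant or change the flag set in one rule only. A one-line comment would anchor it: `// glibc now implements open() as openat(AT_FDCWD, ...); keep in sync with the open rule above.` Hoisting the shared flags into one constant, e.g. `const int kOutputFileFlags = O_WRONLY | O_CREAT | O_DSYNC | O_DIRECT;`, and using it in both rules would make the two filters unable to drift. Pinning `A0` to `AT_FDCWD` is the right call, as it keeps the thread's allowed file-opening surface no wider than the existing `open` rule rather than permitting arbitrary directory fds. The `open` rule's `SECCOMP_RULE_ADD(` and the enclosing `DropPacketThreadPrivileges` begin and end outside the hunk.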