authoragc <agc>2001-10-11 15:11:48 +0000
committeragc <agc>2001-10-11 15:11:48 +0000
commite769f44a47398f8c7152892ae9a034f5ff5601e9 (patch)
treeece4d88f3da77435cf4477e6f91ba57bb63eba45 /net/firewalk
parent5e3b66325743319fd875702e7d6dbe87909229bb (diff)
Initial import of firewalk-1.0 into the NetBSD Packages Collection.
Firewalking is a technique developed by Mike D. Schiffman and David E. Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. This package was provided in PR 14020 by xs@nitric.net. I split it into two separate packages, firewalk-gtk and firewalk, and modified it to use buildlink functionality.
Diffstat (limited to 'net/firewalk')
-rw-r--r--net/firewalk/Makefile20
-rw-r--r--net/firewalk/distinfo8
-rw-r--r--net/firewalk/patches/patch-aa106
-rw-r--r--net/firewalk/patches/patch-ab28
-rw-r--r--net/firewalk/patches/patch-ac24
-rw-r--r--net/firewalk/patches/patch-ad25
-rw-r--r--net/firewalk/pkg/DESCR5
-rw-r--r--net/firewalk/pkg/PLIST3
8 files changed, 219 insertions, 0 deletions
diff --git a/net/firewalk/Makefile b/net/firewalk/Makefile
new file mode 100644
index 00000000000..bd68c5c6617
--- /dev/null
+++ b/net/firewalk/Makefile
@@ -0,0 +1,20 @@
+# $NetBSD: Makefile,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+DISTNAME= firewalk-1.0
+CATEGORIES= net security
+MASTER_SITES= http://www.packetfactory.net/Projects/firewalk/
+
+MAINTAINER= xs@nitric.net
+HOMEPAGE= http://www.packetfactory.net/Projects/firewalk/
+COMMENT= Firewalk determines the filter rules on a packet forwarding device
+
+WRKSRC= ${WRKDIR}/${DISTNAME:C/f/F/}
+
+GNU_CONFIGURE= #defined
+CONFIGURE_ENV+= CFLAGS=-I${LOCALBASE}/include
+CONFIGURE_ARGS+= --with-gtk=no
+
+MAKE_ENV+= LIBS="-L${LOCALBASE}/lib" FIREWALK_LOC=${LOCALBASE}
+
+.include "../../devel/libnet/buildlink.mk"
+.include "../../mk/bsd.pkg.mk"
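Review bot: The distfile is fetched over plain HTTP (`MASTER_SITES= http://www.packetfactory.net/Projects/firewalk/`), so the only thing tying the build to the intended tarball is the checksum in distinfo, and that file records a single SHA1 digest for firewalk-1.0.tar.gz. SHA1 on its own is a thin integrity control for a network tool that is presumably run as root (patch-ab installs the binary mode 0700). Regenerating distinfo so that a stronger digest, for example one from the SHA-2 family, sits alongside the existing SHA1 line would tighten this without changing how the file is fetched.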
diff --git a/net/firewalk/distinfo b/net/firewalk/distinfo
new file mode 100644
index 00000000000..319b7a8da51
--- /dev/null
+++ b/net/firewalk/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+SHA1 (firewalk-1.0.tar.gz) = c8ade2a59b1e20e3e7800e6ac7702628773e24ad
+Size (firewalk-1.0.tar.gz) = 75573 bytes
+SHA1 (patch-aa) = a2fb24de0713e650f651dfd0e733d9b83462457e
+SHA1 (patch-ab) = 79a950620c539413fa6990a9202d3ad97ad807ca
+SHA1 (patch-ac) = 6ac2733b0a3bb2e7ae27c9b6b220381d0b9ee282
+SHA1 (patch-ad) = 4c49be6af143237a2b4f3839caa00b439d781ae6
diff --git a/net/firewalk/patches/patch-aa b/net/firewalk/patches/patch-aa
new file mode 100644
index 00000000000..829e7a189d2
--- /dev/null
+++ b/net/firewalk/patches/patch-aa
@@ -0,0 +1,106 @@
+$NetBSD: patch-aa,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- packet.c.orig Sat Sep 8 22:43:44 2001
++++ packet.c Sat Sep 8 22:44:45 2001
+@@ -42,24 +42,24 @@
+ int
+ icmp_verify(u_char *packet, struct firepack *fp)
+ {
+- struct ip *ip_hdr;
+- struct icmphdr *icmp_hdr;
+- struct ip *origip_hdr;
+- struct udphdr *origudp_hdr;
++ struct libnet_ip_hdr *ip_hdr;
++ struct libnet_icmp_hdr *icmp_hdr;
++ struct libnet_ip_hdr *origip_hdr;
++ struct libnet_udp_hdr *origudp_hdr;
+
+- ip_hdr = (struct ip *)(packet + fp->packet_offset);
+- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
+
+- switch (icmp_hdr->type)
++ switch (icmp_hdr->icmp_type)
+ {
+- case ICMP_DEST_UNREACH:
+- case ICMP_TIME_EXCEEDED:
++ case ICMP_UNREACH:
++ case ICMP_TIMXCEED:
+ /*
+ * The ICMP error message contains the IP header and first 8
+ * bytes of data of datagram that caused the error.
+ */
+ origip_hdr =
+- (struct ip *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
++ (struct libnet_ip_hdr *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
+
+ /*
+ * Was this a UDP or TCP packet that caused the problem? If not,
+@@ -78,7 +78,7 @@
+ * having a UDP header.
+ */
+ origudp_hdr =
+- (struct udphdr *)
++ (struct libnet_udp_hdr *)
+ (packet + fp->packet_offset + 2 * IP_H + ICMP_H + 4);
+
+ /*
+@@ -92,22 +92,22 @@
+ */
+ if (ip_hdr->ip_src.s_addr == fp->gateway)
+ {
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
+ UNREACH_GW_REPLY : EXPIRED_GW_REPLY);
+ }
+ /*
+ * This is a response from the destination host.
+ */
+- if (icmp_hdr->type == ICMP_DEST_UNREACH &&
++ if (icmp_hdr->icmp_type == ICMP_UNREACH &&
+ ip_hdr->ip_src.s_addr == fp->destination)
+ {
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
+ UNREACH_DEST_REPLY : EXPIRED_DEST_REPLY);
+ }
+ /*
+ * This is just a standard TTL expired reply.
+ */
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ? UNREACH_REPLY :
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ? UNREACH_REPLY :
+ EXPIRED_REPLY);
+ }
+ default:
+@@ -249,9 +249,9 @@
+ void
+ print_ip(u_char *packet)
+ {
+- struct ip *ip_hdr;
++ struct libnet_ip_hdr *ip_hdr;
+
+- ip_hdr = (struct ip *)(packet + fp->packet_offset);
++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
+ fire_write("[%s]", libnet_host_lookup(ip_hdr->ip_src.s_addr, fp->use_name));
+ }
+
+@@ -259,14 +259,14 @@
+ u_char *
+ print_unreach_code(u_char *packet)
+ {
+- struct icmphdr *icmp_hdr;
++ struct libnet_icmp_hdr *icmp_hdr;
+
+- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
+- if (icmp_hdr->code > 15)
++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
++ if (icmp_hdr->icmp_code > 15)
+ {
+ return ("Unkown unreachable code");
+ }
+- return (unreachables[icmp_hdr->code]);
++ return (unreachables[icmp_hdr->icmp_code]);
+ }
+
+
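Review bot: icmp_verify() locates the ICMP header and the quoted original headers at fixed offsets (`IP_H`, `IP_H + ICMP_H + 4`, `2 * IP_H + ICMP_H + 4`), which is only correct when neither the outer nor the quoted IP header carries options, and nothing visible in these hunks compares the offsets with the captured length before the pointers are dereferenced. Since these bytes arrive from the network, the outer offset is safer derived from the header itself, e.g. `icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + (ip_hdr->ip_hl << 2));`, with the same treatment for `origip_hdr->ip_hl` and a length check ahead of each cast. The function takes no length argument, so that would need the capture length passed in or stored in `fp`. Separately, in the destination-host branch the inner ternary can never select `EXPIRED_DEST_REPLY`, because the enclosing `if` already requires `ICMP_UNREACH`. The body of icmp_verify() continues outside the quoted hunks, so a bounds check may exist in lines not shown here.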
diff --git a/net/firewalk/patches/patch-ab b/net/firewalk/patches/patch-ab
new file mode 100644
index 00000000000..08af7750650
--- /dev/null
+++ b/net/firewalk/patches/patch-ab
@@ -0,0 +1,28 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- Makefile.in.orig Sat Feb 3 20:24:09 2001
++++ Makefile.in Sun Sep 9 11:54:51 2001
+@@ -7,13 +7,13 @@
+ # @configure_input@
+
+ FIREWALK = firewalk
+-FIREWALK_LOC= /usr/local
++FIREWALK_LOC?= /usr/local
+ FIREWALK_MAN= $(FIREWALK).1
+ INSTALL = ./install-sh
+ DEFINES += @DEFS@ `libnet-config --defines`
+ CFLAGS = @CFLAGS@
+ CPPFLAGS = @CPPFLAGS@
+-LIBS = -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs`
++LIBS += -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs`
+ OBJECTS = main.o firewalk.o watcher.o p_cap.o signal.o \
+ packet.o udptcpwalk.o port_list.o util.o @FW_GTK_OBJS@
+
+@@ -31,6 +31,7 @@
+ sed -e 's/.*/static char version[] = "&";/' ./VERSION > $@
+
+ install: firewalk
++ $(INSTALL) -d -m 0755 $(FIREWALK_LOC)/bin $(FIREWALK_LOC)/man/man1
+ $(INSTALL) -c -m 0700 $(FIREWALK) $(FIREWALK_LOC)/bin
+ $(INSTALL) -c -m 0644 $(FIREWALK_MAN) $(FIREWALK_LOC)/man/man1
+
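Review bot: The added `$(INSTALL) -d -m 0755 $(FIREWALK_LOC)/bin $(FIREWALK_LOC)/man/man1` passes two directories to the bundled `./install-sh` in a single call, and some older install-sh scripts act on only one path when given `-d`. If the script shipped in the distfile is one of those, one of the two directories would not be created and the following `-c` lines would not install where intended. The install-sh in question is not visible on this page, so this needs confirming; using one `$(INSTALL) -d -m 0755 <dir>` line per directory avoids depending on it.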
diff --git a/net/firewalk/patches/patch-ac b/net/firewalk/patches/patch-ac
new file mode 100644
index 00000000000..9dc7be06bad
--- /dev/null
+++ b/net/firewalk/patches/patch-ac
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- gtk_main.c.orig Tue Sep 11 19:34:13 2001
++++ gtk_main.c Tue Sep 11 19:34:45 2001
+@@ -35,15 +35,15 @@
+ #if (HAVE_CONFIG_H)
+ #include "./config.h"
+ #endif
++#include "./main.h"
++#include "./packet.h"
++#include "./firewalk.h"
+ #include "./gtk_main.h"
+ #include "./gtk_util.h"
+ #include "./gtk_cb.h"
+ #include "./gtk_pack.h"
+-#include "./main.h"
+-#include "./packet.h"
+-#include "./gtk_itemfactory.h"
+-#include "./firewalk.h"
+ #include "./version.h"
++#include "./gtk_itemfactory.h"
+
+ /*
+ * This code is heavily commented for the benefit of the programmer who
diff --git a/net/firewalk/patches/patch-ad b/net/firewalk/patches/patch-ad
new file mode 100644
index 00000000000..1d1058f134f
--- /dev/null
+++ b/net/firewalk/patches/patch-ad
@@ -0,0 +1,25 @@
+$NetBSD: patch-ad,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- gtk_cp.c.orig Tue Sep 11 19:50:58 2001
++++ gtk_cp.c Tue Sep 11 19:51:48 2001
+@@ -35,16 +35,16 @@
+ #if (HAVE_CONFIG_H)
+ #include "./config.h"
+ #endif
++#include "./main.h"
++#include "./packet.h"
++#include "./firewalk.h"
++#include "./version.h"
+ #include "./gtk_main.h"
+ #include "./gtk_util.h"
+ #include "./gtk_cb.h"
+ #include "./gtk_cp.h"
+ #include "./gtk_pack.h"
+-#include "./main.h"
+-#include "./packet.h"
+ #include "./gtk_itemfactory.h"
+-#include "./firewalk.h"
+-#include "./version.h"
+
+ /*
+ * This code is heavily commented for the benefit of the programmer who
diff --git a/net/firewalk/pkg/DESCR b/net/firewalk/pkg/DESCR
new file mode 100644
index 00000000000..7ec3d69847a
--- /dev/null
+++ b/net/firewalk/pkg/DESCR
@@ -0,0 +1,5 @@
+Firewalking is a technique developed by Mike D. Schiffman and David E.
+Goldsmith that employs traceroute-like techniques to analyze IP packet
+responses to determine gateway ACL filters and map networks.
+Firewalk the tool employs the technique to determine the filter rules
+in place on a packet forwarding device.
diff --git a/net/firewalk/pkg/PLIST b/net/firewalk/pkg/PLIST
new file mode 100644
index 00000000000..b70352e3991
--- /dev/null
+++ b/net/firewalk/pkg/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+bin/firewalk
+man/man1/firewalk.1