diff options
author | agc <agc> | 2001-10-11 15:11:48 +0000 |
---|---|---|
committer | agc <agc> | 2001-10-11 15:11:48 +0000 |
commit | 9faa08b9a73f423d7674dbb433633539d5b05cab (patch) | |
tree | ece4d88f3da77435cf4477e6f91ba57bb63eba45 /net | |
parent | 08623cfc2c7eaba3fda9b19afd20d69f54fa1c61 (diff) | |
download | pkgsrc-9faa08b9a73f423d7674dbb433633539d5b05cab.tar.gz |
Initial import of firewalk-1.0 into the NetBSD Packages Collection.
Firewalking is a technique developed by Mike D. Schiffman and David E.
Goldsmith that employs traceroute-like techniques to analyze IP packet
responses to determine gateway ACL filters and map networks.
Firewalk the tool employs the technique to determine the filter rules
in place on a packet forwarding device.
This package was provided in PR 14020 by xs@nitric.net. I split it into
two separate packages, firewalk-gtk and firewalk, and modified it to use
buildlink functionality.
Diffstat (limited to 'net')
-rw-r--r-- | net/firewalk/Makefile | 20 | ||||
-rw-r--r-- | net/firewalk/distinfo | 8 | ||||
-rw-r--r-- | net/firewalk/patches/patch-aa | 106 | ||||
-rw-r--r-- | net/firewalk/patches/patch-ab | 28 | ||||
-rw-r--r-- | net/firewalk/patches/patch-ac | 24 | ||||
-rw-r--r-- | net/firewalk/patches/patch-ad | 25 | ||||
-rw-r--r-- | net/firewalk/pkg/DESCR | 5 | ||||
-rw-r--r-- | net/firewalk/pkg/PLIST | 3 |
8 files changed, 219 insertions, 0 deletions
diff --git a/net/firewalk/Makefile b/net/firewalk/Makefile new file mode 100644 index 00000000000..bd68c5c6617 --- /dev/null +++ b/net/firewalk/Makefile @@ -0,0 +1,20 @@ +# $NetBSD: Makefile,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +DISTNAME= firewalk-1.0 +CATEGORIES= net security +MASTER_SITES= http://www.packetfactory.net/Projects/firewalk/ + +MAINTAINER= xs@nitric.net +HOMEPAGE= http://www.packetfactory.net/Projects/firewalk/ +COMMENT= Firewalk determines the filter rules on a packet forwarding device + +WRKSRC= ${WRKDIR}/${DISTNAME:C/f/F/} + +GNU_CONFIGURE= #defined +CONFIGURE_ENV+= CFLAGS=-I${LOCALBASE}/include +CONFIGURE_ARGS+= --with-gtk=no + +MAKE_ENV+= LIBS="-L${LOCALBASE}/lib" FIREWALK_LOC=${LOCALBASE} + +.include "../../devel/libnet/buildlink.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/net/firewalk/distinfo b/net/firewalk/distinfo new file mode 100644 index 00000000000..319b7a8da51 --- /dev/null +++ b/net/firewalk/distinfo @@ -0,0 +1,8 @@ +$NetBSD: distinfo,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +SHA1 (firewalk-1.0.tar.gz) = c8ade2a59b1e20e3e7800e6ac7702628773e24ad +Size (firewalk-1.0.tar.gz) = 75573 bytes +SHA1 (patch-aa) = a2fb24de0713e650f651dfd0e733d9b83462457e +SHA1 (patch-ab) = 79a950620c539413fa6990a9202d3ad97ad807ca +SHA1 (patch-ac) = 6ac2733b0a3bb2e7ae27c9b6b220381d0b9ee282 +SHA1 (patch-ad) = 4c49be6af143237a2b4f3839caa00b439d781ae6 diff --git a/net/firewalk/patches/patch-aa b/net/firewalk/patches/patch-aa new file mode 100644 index 00000000000..829e7a189d2 --- /dev/null +++ b/net/firewalk/patches/patch-aa @@ -0,0 +1,106 @@ +$NetBSD: patch-aa,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +--- packet.c.orig Sat Sep 8 22:43:44 2001 ++++ packet.c Sat Sep 8 22:44:45 2001 +@@ -42,24 +42,24 @@ + int + icmp_verify(u_char *packet, struct firepack *fp) + { +- struct ip *ip_hdr; +- struct icmphdr *icmp_hdr; +- struct ip *origip_hdr; +- struct udphdr *origudp_hdr; ++ struct libnet_ip_hdr *ip_hdr; ++ struct libnet_icmp_hdr *icmp_hdr; ++ struct libnet_ip_hdr *origip_hdr; ++ struct libnet_udp_hdr *origudp_hdr; + +- ip_hdr = (struct ip *)(packet + fp->packet_offset); +- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H); ++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset); ++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H); + +- switch (icmp_hdr->type) ++ switch (icmp_hdr->icmp_type) + { +- case ICMP_DEST_UNREACH: +- case ICMP_TIME_EXCEEDED: ++ case ICMP_UNREACH: ++ case ICMP_TIMXCEED: + /* + * The ICMP error message contains the IP header and first 8 + * bytes of data of datagram that caused the error. + */ + origip_hdr = +- (struct ip *)(packet + fp->packet_offset + IP_H + ICMP_H + 4); ++ (struct libnet_ip_hdr *)(packet + fp->packet_offset + IP_H + ICMP_H + 4); + + /* + * Was this a UDP or TCP packet that caused the problem? If not, +@@ -78,7 +78,7 @@ + * having a UDP header. + */ + origudp_hdr = +- (struct udphdr *) ++ (struct libnet_udp_hdr *) + (packet + fp->packet_offset + 2 * IP_H + ICMP_H + 4); + + /* +@@ -92,22 +92,22 @@ + */ + if (ip_hdr->ip_src.s_addr == fp->gateway) + { +- return (icmp_hdr->type == ICMP_DEST_UNREACH ? ++ return (icmp_hdr->icmp_type == ICMP_UNREACH ? + UNREACH_GW_REPLY : EXPIRED_GW_REPLY); + } + /* + * This is a response from the destination host. + */ +- if (icmp_hdr->type == ICMP_DEST_UNREACH && ++ if (icmp_hdr->icmp_type == ICMP_UNREACH && + ip_hdr->ip_src.s_addr == fp->destination) + { +- return (icmp_hdr->type == ICMP_DEST_UNREACH ? ++ return (icmp_hdr->icmp_type == ICMP_UNREACH ? + UNREACH_DEST_REPLY : EXPIRED_DEST_REPLY); + } + /* + * This is just a standard TTL expired reply. + */ +- return (icmp_hdr->type == ICMP_DEST_UNREACH ? UNREACH_REPLY : ++ return (icmp_hdr->icmp_type == ICMP_UNREACH ? UNREACH_REPLY : + EXPIRED_REPLY); + } + default: +@@ -249,9 +249,9 @@ + void + print_ip(u_char *packet) + { +- struct ip *ip_hdr; ++ struct libnet_ip_hdr *ip_hdr; + +- ip_hdr = (struct ip *)(packet + fp->packet_offset); ++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset); + fire_write("[%s]", libnet_host_lookup(ip_hdr->ip_src.s_addr, fp->use_name)); + } + +@@ -259,14 +259,14 @@ + u_char * + print_unreach_code(u_char *packet) + { +- struct icmphdr *icmp_hdr; ++ struct libnet_icmp_hdr *icmp_hdr; + +- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H); +- if (icmp_hdr->code > 15) ++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H); ++ if (icmp_hdr->icmp_code > 15) + { + return ("Unkown unreachable code"); + } +- return (unreachables[icmp_hdr->code]); ++ return (unreachables[icmp_hdr->icmp_code]); + } + + diff --git a/net/firewalk/patches/patch-ab b/net/firewalk/patches/patch-ab new file mode 100644 index 00000000000..08af7750650 --- /dev/null +++ b/net/firewalk/patches/patch-ab @@ -0,0 +1,28 @@ +$NetBSD: patch-ab,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +--- Makefile.in.orig Sat Feb 3 20:24:09 2001 ++++ Makefile.in Sun Sep 9 11:54:51 2001 +@@ -7,13 +7,13 @@ + # @configure_input@ + + FIREWALK = firewalk +-FIREWALK_LOC= /usr/local ++FIREWALK_LOC?= /usr/local + FIREWALK_MAN= $(FIREWALK).1 + INSTALL = ./install-sh + DEFINES += @DEFS@ `libnet-config --defines` + CFLAGS = @CFLAGS@ + CPPFLAGS = @CPPFLAGS@ +-LIBS = -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs` ++LIBS += -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs` + OBJECTS = main.o firewalk.o watcher.o p_cap.o signal.o \ + packet.o udptcpwalk.o port_list.o util.o @FW_GTK_OBJS@ + +@@ -31,6 +31,7 @@ + sed -e 's/.*/static char version[] = "&";/' ./VERSION > $@ + + install: firewalk ++ $(INSTALL) -d -m 0755 $(FIREWALK_LOC)/bin $(FIREWALK_LOC)/man/man1 + $(INSTALL) -c -m 0700 $(FIREWALK) $(FIREWALK_LOC)/bin + $(INSTALL) -c -m 0644 $(FIREWALK_MAN) $(FIREWALK_LOC)/man/man1 + diff --git a/net/firewalk/patches/patch-ac b/net/firewalk/patches/patch-ac new file mode 100644 index 00000000000..9dc7be06bad --- /dev/null +++ b/net/firewalk/patches/patch-ac @@ -0,0 +1,24 @@ +$NetBSD: patch-ac,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +--- gtk_main.c.orig Tue Sep 11 19:34:13 2001 ++++ gtk_main.c Tue Sep 11 19:34:45 2001 +@@ -35,15 +35,15 @@ + #if (HAVE_CONFIG_H) + #include "./config.h" + #endif ++#include "./main.h" ++#include "./packet.h" ++#include "./firewalk.h" + #include "./gtk_main.h" + #include "./gtk_util.h" + #include "./gtk_cb.h" + #include "./gtk_pack.h" +-#include "./main.h" +-#include "./packet.h" +-#include "./gtk_itemfactory.h" +-#include "./firewalk.h" + #include "./version.h" ++#include "./gtk_itemfactory.h" + + /* + * This code is heavily commented for the benefit of the programmer who diff --git a/net/firewalk/patches/patch-ad b/net/firewalk/patches/patch-ad new file mode 100644 index 00000000000..1d1058f134f --- /dev/null +++ b/net/firewalk/patches/patch-ad @@ -0,0 +1,25 @@ +$NetBSD: patch-ad,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ + +--- gtk_cp.c.orig Tue Sep 11 19:50:58 2001 ++++ gtk_cp.c Tue Sep 11 19:51:48 2001 +@@ -35,16 +35,16 @@ + #if (HAVE_CONFIG_H) + #include "./config.h" + #endif ++#include "./main.h" ++#include "./packet.h" ++#include "./firewalk.h" ++#include "./version.h" + #include "./gtk_main.h" + #include "./gtk_util.h" + #include "./gtk_cb.h" + #include "./gtk_cp.h" + #include "./gtk_pack.h" +-#include "./main.h" +-#include "./packet.h" + #include "./gtk_itemfactory.h" +-#include "./firewalk.h" +-#include "./version.h" + + /* + * This code is heavily commented for the benefit of the programmer who diff --git a/net/firewalk/pkg/DESCR b/net/firewalk/pkg/DESCR new file mode 100644 index 00000000000..7ec3d69847a --- /dev/null +++ b/net/firewalk/pkg/DESCR @@ -0,0 +1,5 @@ +Firewalking is a technique developed by Mike D. Schiffman and David E. +Goldsmith that employs traceroute-like techniques to analyze IP packet +responses to determine gateway ACL filters and map networks. +Firewalk the tool employs the technique to determine the filter rules +in place on a packet forwarding device. diff --git a/net/firewalk/pkg/PLIST b/net/firewalk/pkg/PLIST new file mode 100644 index 00000000000..b70352e3991 --- /dev/null +++ b/net/firewalk/pkg/PLIST @@ -0,0 +1,3 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $ +bin/firewalk +man/man1/firewalk.1 |