summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authoragc <agc>2001-10-11 15:11:48 +0000
committeragc <agc>2001-10-11 15:11:48 +0000
commit9faa08b9a73f423d7674dbb433633539d5b05cab (patch)
treeece4d88f3da77435cf4477e6f91ba57bb63eba45 /net
parent08623cfc2c7eaba3fda9b19afd20d69f54fa1c61 (diff)
downloadpkgsrc-9faa08b9a73f423d7674dbb433633539d5b05cab.tar.gz
Initial import of firewalk-1.0 into the NetBSD Packages Collection.
Firewalking is a technique developed by Mike D. Schiffman and David E. Goldsmith that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. This package was provided in PR 14020 by xs@nitric.net. I split it into two separate packages, firewalk-gtk and firewalk, and modified it to use buildlink functionality.
Diffstat (limited to 'net')
-rw-r--r--net/firewalk/Makefile20
-rw-r--r--net/firewalk/distinfo8
-rw-r--r--net/firewalk/patches/patch-aa106
-rw-r--r--net/firewalk/patches/patch-ab28
-rw-r--r--net/firewalk/patches/patch-ac24
-rw-r--r--net/firewalk/patches/patch-ad25
-rw-r--r--net/firewalk/pkg/DESCR5
-rw-r--r--net/firewalk/pkg/PLIST3
8 files changed, 219 insertions, 0 deletions
diff --git a/net/firewalk/Makefile b/net/firewalk/Makefile
new file mode 100644
index 00000000000..bd68c5c6617
--- /dev/null
+++ b/net/firewalk/Makefile
@@ -0,0 +1,20 @@
+# $NetBSD: Makefile,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+DISTNAME= firewalk-1.0
+CATEGORIES= net security
+MASTER_SITES= http://www.packetfactory.net/Projects/firewalk/
+
+MAINTAINER= xs@nitric.net
+HOMEPAGE= http://www.packetfactory.net/Projects/firewalk/
+COMMENT= Firewalk determines the filter rules on a packet forwarding device
+
+WRKSRC= ${WRKDIR}/${DISTNAME:C/f/F/}
+
+GNU_CONFIGURE= #defined
+CONFIGURE_ENV+= CFLAGS=-I${LOCALBASE}/include
+CONFIGURE_ARGS+= --with-gtk=no
+
+MAKE_ENV+= LIBS="-L${LOCALBASE}/lib" FIREWALK_LOC=${LOCALBASE}
+
+.include "../../devel/libnet/buildlink.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/net/firewalk/distinfo b/net/firewalk/distinfo
new file mode 100644
index 00000000000..319b7a8da51
--- /dev/null
+++ b/net/firewalk/distinfo
@@ -0,0 +1,8 @@
+$NetBSD: distinfo,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+SHA1 (firewalk-1.0.tar.gz) = c8ade2a59b1e20e3e7800e6ac7702628773e24ad
+Size (firewalk-1.0.tar.gz) = 75573 bytes
+SHA1 (patch-aa) = a2fb24de0713e650f651dfd0e733d9b83462457e
+SHA1 (patch-ab) = 79a950620c539413fa6990a9202d3ad97ad807ca
+SHA1 (patch-ac) = 6ac2733b0a3bb2e7ae27c9b6b220381d0b9ee282
+SHA1 (patch-ad) = 4c49be6af143237a2b4f3839caa00b439d781ae6
diff --git a/net/firewalk/patches/patch-aa b/net/firewalk/patches/patch-aa
new file mode 100644
index 00000000000..829e7a189d2
--- /dev/null
+++ b/net/firewalk/patches/patch-aa
@@ -0,0 +1,106 @@
+$NetBSD: patch-aa,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- packet.c.orig Sat Sep 8 22:43:44 2001
++++ packet.c Sat Sep 8 22:44:45 2001
+@@ -42,24 +42,24 @@
+ int
+ icmp_verify(u_char *packet, struct firepack *fp)
+ {
+- struct ip *ip_hdr;
+- struct icmphdr *icmp_hdr;
+- struct ip *origip_hdr;
+- struct udphdr *origudp_hdr;
++ struct libnet_ip_hdr *ip_hdr;
++ struct libnet_icmp_hdr *icmp_hdr;
++ struct libnet_ip_hdr *origip_hdr;
++ struct libnet_udp_hdr *origudp_hdr;
+
+- ip_hdr = (struct ip *)(packet + fp->packet_offset);
+- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
+
+- switch (icmp_hdr->type)
++ switch (icmp_hdr->icmp_type)
+ {
+- case ICMP_DEST_UNREACH:
+- case ICMP_TIME_EXCEEDED:
++ case ICMP_UNREACH:
++ case ICMP_TIMXCEED:
+ /*
+ * The ICMP error message contains the IP header and first 8
+ * bytes of data of datagram that caused the error.
+ */
+ origip_hdr =
+- (struct ip *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
++ (struct libnet_ip_hdr *)(packet + fp->packet_offset + IP_H + ICMP_H + 4);
+
+ /*
+ * Was this a UDP or TCP packet that caused the problem? If not,
+@@ -78,7 +78,7 @@
+ * having a UDP header.
+ */
+ origudp_hdr =
+- (struct udphdr *)
++ (struct libnet_udp_hdr *)
+ (packet + fp->packet_offset + 2 * IP_H + ICMP_H + 4);
+
+ /*
+@@ -92,22 +92,22 @@
+ */
+ if (ip_hdr->ip_src.s_addr == fp->gateway)
+ {
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
+ UNREACH_GW_REPLY : EXPIRED_GW_REPLY);
+ }
+ /*
+ * This is a response from the destination host.
+ */
+- if (icmp_hdr->type == ICMP_DEST_UNREACH &&
++ if (icmp_hdr->icmp_type == ICMP_UNREACH &&
+ ip_hdr->ip_src.s_addr == fp->destination)
+ {
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ?
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ?
+ UNREACH_DEST_REPLY : EXPIRED_DEST_REPLY);
+ }
+ /*
+ * This is just a standard TTL expired reply.
+ */
+- return (icmp_hdr->type == ICMP_DEST_UNREACH ? UNREACH_REPLY :
++ return (icmp_hdr->icmp_type == ICMP_UNREACH ? UNREACH_REPLY :
+ EXPIRED_REPLY);
+ }
+ default:
+@@ -249,9 +249,9 @@
+ void
+ print_ip(u_char *packet)
+ {
+- struct ip *ip_hdr;
++ struct libnet_ip_hdr *ip_hdr;
+
+- ip_hdr = (struct ip *)(packet + fp->packet_offset);
++ ip_hdr = (struct libnet_ip_hdr *)(packet + fp->packet_offset);
+ fire_write("[%s]", libnet_host_lookup(ip_hdr->ip_src.s_addr, fp->use_name));
+ }
+
+@@ -259,14 +259,14 @@
+ u_char *
+ print_unreach_code(u_char *packet)
+ {
+- struct icmphdr *icmp_hdr;
++ struct libnet_icmp_hdr *icmp_hdr;
+
+- icmp_hdr = (struct icmphdr *)(packet + fp->packet_offset + IP_H);
+- if (icmp_hdr->code > 15)
++ icmp_hdr = (struct libnet_icmp_hdr *)(packet + fp->packet_offset + IP_H);
++ if (icmp_hdr->icmp_code > 15)
+ {
+ return ("Unkown unreachable code");
+ }
+- return (unreachables[icmp_hdr->code]);
++ return (unreachables[icmp_hdr->icmp_code]);
+ }
+
+
diff --git a/net/firewalk/patches/patch-ab b/net/firewalk/patches/patch-ab
new file mode 100644
index 00000000000..08af7750650
--- /dev/null
+++ b/net/firewalk/patches/patch-ab
@@ -0,0 +1,28 @@
+$NetBSD: patch-ab,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- Makefile.in.orig Sat Feb 3 20:24:09 2001
++++ Makefile.in Sun Sep 9 11:54:51 2001
+@@ -7,13 +7,13 @@
+ # @configure_input@
+
+ FIREWALK = firewalk
+-FIREWALK_LOC= /usr/local
++FIREWALK_LOC?= /usr/local
+ FIREWALK_MAN= $(FIREWALK).1
+ INSTALL = ./install-sh
+ DEFINES += @DEFS@ `libnet-config --defines`
+ CFLAGS = @CFLAGS@
+ CPPFLAGS = @CPPFLAGS@
+-LIBS = -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs`
++LIBS += -lnet -lpcap @FW_GTK_CONFIG@ `libnet-config --libs`
+ OBJECTS = main.o firewalk.o watcher.o p_cap.o signal.o \
+ packet.o udptcpwalk.o port_list.o util.o @FW_GTK_OBJS@
+
+@@ -31,6 +31,7 @@
+ sed -e 's/.*/static char version[] = "&";/' ./VERSION > $@
+
+ install: firewalk
++ $(INSTALL) -d -m 0755 $(FIREWALK_LOC)/bin $(FIREWALK_LOC)/man/man1
+ $(INSTALL) -c -m 0700 $(FIREWALK) $(FIREWALK_LOC)/bin
+ $(INSTALL) -c -m 0644 $(FIREWALK_MAN) $(FIREWALK_LOC)/man/man1
+
diff --git a/net/firewalk/patches/patch-ac b/net/firewalk/patches/patch-ac
new file mode 100644
index 00000000000..9dc7be06bad
--- /dev/null
+++ b/net/firewalk/patches/patch-ac
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- gtk_main.c.orig Tue Sep 11 19:34:13 2001
++++ gtk_main.c Tue Sep 11 19:34:45 2001
+@@ -35,15 +35,15 @@
+ #if (HAVE_CONFIG_H)
+ #include "./config.h"
+ #endif
++#include "./main.h"
++#include "./packet.h"
++#include "./firewalk.h"
+ #include "./gtk_main.h"
+ #include "./gtk_util.h"
+ #include "./gtk_cb.h"
+ #include "./gtk_pack.h"
+-#include "./main.h"
+-#include "./packet.h"
+-#include "./gtk_itemfactory.h"
+-#include "./firewalk.h"
+ #include "./version.h"
++#include "./gtk_itemfactory.h"
+
+ /*
+ * This code is heavily commented for the benefit of the programmer who
diff --git a/net/firewalk/patches/patch-ad b/net/firewalk/patches/patch-ad
new file mode 100644
index 00000000000..1d1058f134f
--- /dev/null
+++ b/net/firewalk/patches/patch-ad
@@ -0,0 +1,25 @@
+$NetBSD: patch-ad,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+
+--- gtk_cp.c.orig Tue Sep 11 19:50:58 2001
++++ gtk_cp.c Tue Sep 11 19:51:48 2001
+@@ -35,16 +35,16 @@
+ #if (HAVE_CONFIG_H)
+ #include "./config.h"
+ #endif
++#include "./main.h"
++#include "./packet.h"
++#include "./firewalk.h"
++#include "./version.h"
+ #include "./gtk_main.h"
+ #include "./gtk_util.h"
+ #include "./gtk_cb.h"
+ #include "./gtk_cp.h"
+ #include "./gtk_pack.h"
+-#include "./main.h"
+-#include "./packet.h"
+ #include "./gtk_itemfactory.h"
+-#include "./firewalk.h"
+-#include "./version.h"
+
+ /*
+ * This code is heavily commented for the benefit of the programmer who
diff --git a/net/firewalk/pkg/DESCR b/net/firewalk/pkg/DESCR
new file mode 100644
index 00000000000..7ec3d69847a
--- /dev/null
+++ b/net/firewalk/pkg/DESCR
@@ -0,0 +1,5 @@
+Firewalking is a technique developed by Mike D. Schiffman and David E.
+Goldsmith that employs traceroute-like techniques to analyze IP packet
+responses to determine gateway ACL filters and map networks.
+Firewalk the tool employs the technique to determine the filter rules
+in place on a packet forwarding device.
diff --git a/net/firewalk/pkg/PLIST b/net/firewalk/pkg/PLIST
new file mode 100644
index 00000000000..b70352e3991
--- /dev/null
+++ b/net/firewalk/pkg/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2001/10/11 15:11:48 agc Exp $
+bin/firewalk
+man/man1/firewalk.1