Initial import of fragroute-1.2 into the NetBSD Packages Collection,

provided in PR 24022 by ISIHARA Takanori. This was taken from the
FreeBSD Packages Collection and ported to NetBSD by ISIHARA Takanori.

Additional fixes to make the package compile on NetBSD by myself,
along with fixes for the build infrastructure (since libevent is part
of NetBSD-current).

"Fragroute intercepts, modifies, and rewrites egress traffic destined
for a specified host, implementing most of the attacks described in the
Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
Network Intrusion Detection" paper of January 1998.

It features a simple ruleset language to delay, duplicate, drop,
fragment, overlap, print, reorder, segment, source-route, or otherwise
monkey with all outbound packets destined for a target host, with
minimal support for randomized or probabilistic behaviour.

This tool was written in good faith to aid in the testing of network
intrusion detection systems, firewalls, and basic TCP/IP stack
behaviour. Please do not abuse this software."

6 files changed, 115 insertions, 0 deletions

diff --git a/security/fragroute/DESCR b/security/fragroute/DESCR
new file mode 100644
index 00000000000..c2c207bc762
--- /dev/null
+++ b/security/fragroute/DESCR
@@ -0,0 +1,16 @@
+"Fragroute intercepts, modifies, and rewrites egress traffic destined
+for a specified host, implementing most of the attacks described in the
+Secure Networks "Insertion, Evasion, and Denial of Service: Eluding
+Network Intrusion Detection" paper of January 1998. 
+
+It features a simple ruleset language to delay, duplicate, drop,
+fragment, overlap, print, reorder, segment, source-route, or otherwise
+monkey with all outbound packets destined for a target host, with
+minimal support for randomized or probabilistic behaviour. 
+
+This tool was written in good faith to aid in the testing of network
+intrusion detection systems, firewalls, and basic TCP/IP stack
+behaviour. Please do not abuse this software."
+
+WWW: http://www.monkey.org/~dugsong/fragroute/
+- Dominic <dominic_marks@btinternet.com>
diff --git a/security/fragroute/Makefile b/security/fragroute/Makefile
new file mode 100644
index 00000000000..2fe5e34243f
--- /dev/null
+++ b/security/fragroute/Makefile
@@ -0,0 +1,32 @@
+# $NetBSD: Makefile,v 1.1.1.1 2004/01/08 17:55:15 agc Exp $
+# FreeBSD Id: ports/security/fragroute/Makefile,v 1.10 2003/09/24 08:37:38 edwin Exp
+
+DISTNAME=	fragroute-1.2
+CATEGORIES=	security net
+MASTER_SITES=	http://monkey.org/~dugsong/fragroute/
+
+MAINTAINER=	tech-pkg@NetBSD.org
+HOMEPAGE=	http://www.monkey.org/~dugsong/fragroute/
+COMMENT=        Tool for intercepting, modifying and rewriting egress traffic
+
+USE_BUILDLINK2=		YES
+
+GNU_CONFIGURE=		YES
+CONFIGURE_ARGS+=	--with-libdnet=${PREFIX}
+CONFIGURE_ARGS+=	--with-libevent=${BUILDLINK_PREFIX.libevent}
+CONFIGURE_ARGS+=	--with-pcap=${BUILDLINK_PREFIX.libpcap}
+
+SCRIPTS=	README.snort base-1 frag-1 frag-2 frag-3 frag-4 frag-5 \
+	frag-6 frag-7-unix frag-7-win32 ins-2 ins-3 tcbc-2 tcp-3 tcp-5 \
+	tcp-7 tcp-9
+
+pre-install:
+	${INSTALL_DATA_DIR} ${PREFIX}/share/fragroute
+.for FILE in ${SCRIPTS}
+	${INSTALL_DATA} ${WRKSRC}/scripts/${FILE} ${PREFIX}/share/fragroute
+.endfor
+
+.include "../../net/libpcap/buildlink2.mk"
+.include "../../net/libdnet/buildlink2.mk"
+.include "../../devel/libevent/buildlink2.mk"
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/fragroute/PLIST b/security/fragroute/PLIST
new file mode 100644
index 00000000000..9bedad3af83
--- /dev/null
+++ b/security/fragroute/PLIST
@@ -0,0 +1,24 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2004/01/08 17:55:15 agc Exp $
+etc/fragroute.conf
+man/man8/fragroute.8
+man/man8/fragtest.8
+sbin/fragroute
+sbin/fragtest
+share/fragroute/README.snort
+share/fragroute/base-1
+share/fragroute/frag-1
+share/fragroute/frag-2
+share/fragroute/frag-3
+share/fragroute/frag-4
+share/fragroute/frag-5
+share/fragroute/frag-6
+share/fragroute/frag-7-unix
+share/fragroute/frag-7-win32
+share/fragroute/ins-2
+share/fragroute/ins-3
+share/fragroute/tcbc-2
+share/fragroute/tcp-3
+share/fragroute/tcp-5
+share/fragroute/tcp-7
+share/fragroute/tcp-9
+@dirrm share/fragroute
diff --git a/security/fragroute/distinfo b/security/fragroute/distinfo
new file mode 100644
index 00000000000..819a8bc9de0
--- /dev/null
+++ b/security/fragroute/distinfo
@@ -0,0 +1,6 @@
+$NetBSD: distinfo,v 1.1.1.1 2004/01/08 17:55:15 agc Exp $
+
+SHA1 (fragroute-1.2.tar.gz) = 0e85daf40f4910d56d75e6cdee163305a1cb9004
+Size (fragroute-1.2.tar.gz) = 85247 bytes
+SHA1 (patch-aa) = 7cc6a7b7b20cd7e63f1afde0caf89f339537d376
+SHA1 (patch-ab) = 36bb985c8c06fa245c5a489c7158ec780dc9b42a
diff --git a/security/fragroute/patches/patch-aa b/security/fragroute/patches/patch-aa
new file mode 100644
index 00000000000..c7f2293746d
--- /dev/null
+++ b/security/fragroute/patches/patch-aa
@@ -0,0 +1,24 @@
+$NetBSD: patch-aa,v 1.1.1.1 2004/01/08 17:55:15 agc Exp $
+
+--- mod.c	2004/01/08 17:33:51	1.1
++++ mod.c	2004/01/08 17:41:16
+@@ -151,10 +151,19 @@
+ {
+ 	struct rule *rule;
+ 	
++#ifdef __NetBSD__
++	TAILQ_FOREACH_REVERSE(rule, &rules, head, next) {
++		if (rule->mod->close != NULL)
++			rule->data = rule->mod->close(rule->data);
++		TAILQ_REMOVE(&rules, rule, next);
++		free(rule);
++	}
++#else
+ 	TAILQ_FOREACH_REVERSE(rule, &rules, next, head) {
+ 		if (rule->mod->close != NULL)
+ 			rule->data = rule->mod->close(rule->data);
+ 		TAILQ_REMOVE(&rules, rule, next);
+ 		free(rule);
+ 	}
++#endif
+ }
diff --git a/security/fragroute/patches/patch-ab b/security/fragroute/patches/patch-ab
new file mode 100644
index 00000000000..a5884c21cc0
--- /dev/null
+++ b/security/fragroute/patches/patch-ab
@@ -0,0 +1,13 @@
+$NetBSD: patch-ab,v 1.1.1.1 2004/01/08 17:55:15 agc Exp $
+
+--- pkt.h	2004/01/08 17:49:28	1.1
++++ pkt.h	2004/01/08 17:50:01
+@@ -68,4 +68,8 @@
+ void		 pktq_shuffle(rand_t *r, struct pktq *pktq);
+ struct pkt	*pktq_random(rand_t *r, struct pktq *pktq);
+ 
++#ifndef TAILQ_END
++#define TAILQ_END(head)	NULL
++#endif
++
+ #endif /* PKT_H */