Initial import of stegtunnel-0.4 into the packages collection.

	Stegtunnel provides a covert channel in the IPID and sequence number
	fields of any desired TCP connection.  It requires the server and
	client to have a previously shared secret in common to detect and
	decrypt the data.

11 files changed, 264 insertions, 0 deletions

diff --git a/security/stegtunnel/DESCR b/security/stegtunnel/DESCR
new file mode 100644
index 00000000000..6cc9fe669dd
--- /dev/null
+++ b/security/stegtunnel/DESCR
@@ -0,0 +1,4 @@
+Stegtunnel provides a covert channel in the IPID and sequence number
+fields of any desired TCP connection.  It requires the server and
+client to have a previously shared secret in common to detect and
+decrypt the data.
diff --git a/security/stegtunnel/Makefile b/security/stegtunnel/Makefile
new file mode 100644
index 00000000000..dcd9ce78c04
--- /dev/null
+++ b/security/stegtunnel/Makefile
@@ -0,0 +1,17 @@
+# $NetBSD: Makefile,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+DISTNAME=	stegtunnel-0.4
+CATEGORIES=	security
+MASTER_SITES=	http://www.synacklabs.net/projects/stegtunnel/
+
+MAINTAINER=	agc@NetBSD.org
+HOMEPAGE=	http://www.synacklabs.net/projects/stegtunnel/
+COMMENT=	Provides a covert channel in the IPID and sequence number
+
+GNU_CONFIGURE=	yes
+USE_LIBTOOL=	yes
+
+.include "../../net/libdnet/buildlink3.mk"
+.include "../../net/libpcap/buildlink3.mk"
+
+.include "../../mk/bsd.pkg.mk"
diff --git a/security/stegtunnel/PLIST b/security/stegtunnel/PLIST
new file mode 100644
index 00000000000..95cc98787d8
--- /dev/null
+++ b/security/stegtunnel/PLIST
@@ -0,0 +1,18 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+bin/stegclient
+bin/stegserver
+include/packetp.h
+include/packetp/addr_netcmp.h
+include/packetp/firewallstate.h
+include/packetp/forkarp.h
+include/packetp/hashtab.h
+include/packetp/lookupa.h
+include/packetp/pcapf.h
+include/packetp/recycle.h
+include/packetp/routestate.h
+include/packetp/standard.h
+lib/libpacketp.a
+man/man1/stegclient.1
+man/man1/stegserver.1
+man/man3/packetp.3
+@dirrm include/packetp
diff --git a/security/stegtunnel/distinfo b/security/stegtunnel/distinfo
new file mode 100644
index 00000000000..41e2e137b6a
--- /dev/null
+++ b/security/stegtunnel/distinfo
@@ -0,0 +1,12 @@
+$NetBSD: distinfo,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+SHA1 (stegtunnel-0.4.tar.gz) = c29c1ddc4bca2e2b266acf0040a2029c3bdeb33d
+RMD160 (stegtunnel-0.4.tar.gz) = c06d13c0c22b684fb5141894bae81d3d4d623470
+Size (stegtunnel-0.4.tar.gz) = 167291 bytes
+SHA1 (patch-aa) = c4dea849a440bb6520a41def36d3448741a0e4e1
+SHA1 (patch-ab) = 6472ca339cecaad6ca9369ac717059be7b817124
+SHA1 (patch-ac) = 6cfe164a46acf3fee5644e9d45eee4414815066f
+SHA1 (patch-ad) = ba43ac603014b46358666c8a34f071473269f83d
+SHA1 (patch-ae) = f6b233b7e5a5dfb4a1c39b655ae242afe24f03ba
+SHA1 (patch-af) = 2cf20415cc4110dd1cd7244f1d10b2ea3b3d727b
+SHA1 (patch-ag) = 3bbc440df74241aa47f40417c0ce176f3850b42b
diff --git a/security/stegtunnel/patches/patch-aa b/security/stegtunnel/patches/patch-aa
new file mode 100644
index 00000000000..bb657c02b55
--- /dev/null
+++ b/security/stegtunnel/patches/patch-aa
@@ -0,0 +1,25 @@
+$NetBSD: patch-aa,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- Makefile.in	2007/10/02 16:00:26	1.1
++++ Makefile.in	2007/10/02 16:01:50
+@@ -74,7 +74,7 @@
+ PACKAGE_VERSION = @PACKAGE_VERSION@
+ PATH_SEPARATOR = @PATH_SEPARATOR@
+ PCAPINC = @PCAPINC@
+-PCAPLIB = @PCAPLIB@
++PCAPLIB = -Wl,-R${PREFIX}/lib @PCAPLIB@
+ RANLIB = @RANLIB@
+ SET_MAKE = @SET_MAKE@
+ SHELL = @SHELL@
+@@ -151,9 +151,9 @@
+ DEFAULT_INCLUDES =  -I. -I$(srcdir)
+ depcomp =
+ am__depfiles_maybe =
+-COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
++COMPILE = libtool --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \
+ 	$(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS)
+-CCLD = $(CC)
++CCLD = libtool --mode=link $(CC)
+ LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@
+ DIST_SOURCES = $(stegclient_SOURCES) $(stegserver_SOURCES)
+ 
diff --git a/security/stegtunnel/patches/patch-ab b/security/stegtunnel/patches/patch-ab
new file mode 100644
index 00000000000..49cb148cf5b
--- /dev/null
+++ b/security/stegtunnel/patches/patch-ab
@@ -0,0 +1,73 @@
+$NetBSD: patch-ab,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- hashtab.c	2007/10/03 12:04:01	1.1
++++ hashtab.c	2007/10/03 12:08:02
+@@ -28,6 +28,10 @@
+ --------------------------------------------------------------------
+ */
+ 
++#include <sys/types.h>
++#include <stdlib.h>
++#include <string.h>
++
+ #ifndef STANDARD
+ #include "standard.h"
+ #endif
+@@ -41,6 +45,7 @@
+ #include "recycle.h"
+ #endif
+ 
++#ifdef HASHTAB_DEBUG
+ /* sanity check -- make sure ipos, apos, and count make sense */
+ static void  hsanity(t)
+ htab *t;
+@@ -51,7 +56,7 @@
+   /* test that apos makes sense */
+   end = (ub4)1<<(t->logsize);
+   if (end < t->apos)
+-    printf("error:  end %ld  apos %ld\n", end, t->apos);
++    printf("error:  end %ld  apos %ld\n", (long) end, (long) t->apos);
+ 
+   /* test that ipos is in bucket apos */
+   if (t->ipos)
+@@ -59,7 +64,7 @@
+     for (h=t->table[t->apos];  h && h != t->ipos;  h = h->next)
+       ;
+     if (h != t->ipos)
+-      printf("error:ipos not in apos, apos is %ld\n", t->apos);
++      printf("error:ipos not in apos, apos is %ld\n", (long) t->apos);
+   }
+ 
+   /* test that t->count is the number of elements in the table */
+@@ -68,8 +73,9 @@
+     for (h=t->table[i];  h;  h=h->next)
+       ++counter;
+   if (counter != t->count)
+-    printf("error: counter %ld  t->count %ld\n", counter, t->count);
++    printf("error: counter %ld  t->count %ld\n", (long) counter, (long) t->count);
+ }
++#endif /* HASHTAB_DEBUG */
+ 
+ 
+ /*
+@@ -138,7 +144,6 @@
+ void hdestroy( t)
+ htab  *t;    /* the table */
+ {
+-  hitem *h;
+   refree(t->space);
+   free((char *)t->table);
+   free((char *)t);
+@@ -351,10 +356,10 @@
+   printf("\n");
+   for (walk=stat; walk; walk=walk->next)
+   {
+-    printf("items %ld:  %ld buckets\n", walk->keyl, walk->hval);
++    printf("items %ld:  %ld buckets\n", (long)walk->keyl, (long)walk->hval);
+   }
+   printf("\nbuckets: %ld  items: %ld  existing: %g\n\n",
+-         ((ub4)1<<t->logsize), t->count, total);
++         (long)((ub4)1<<t->logsize), (long)t->count, total);
+ 
+   /* clean up */
+   while (stat)
diff --git a/security/stegtunnel/patches/patch-ac b/security/stegtunnel/patches/patch-ac
new file mode 100644
index 00000000000..93b1caa4f6f
--- /dev/null
+++ b/security/stegtunnel/patches/patch-ac
@@ -0,0 +1,24 @@
+$NetBSD: patch-ac,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- recycle.c	2007/10/03 12:08:42	1.1
++++ recycle.c	2007/10/03 12:09:47
+@@ -13,6 +13,10 @@
+ --------------------------------------------------------------------
+ */
+ 
++#include <sys/types.h>
++#include <stdlib.h>
++#include <string.h>
++
+ #ifndef STANDARD
+ # include "standard.h"
+ #endif
+@@ -36,7 +40,7 @@
+ struct reroot *r;
+ {
+    recycle *temp;
+-   if (temp = r->list) while (r->list)
++   if ((temp = r->list) != NULL) while (r->list)
+    {
+       temp = r->list->next;
+       free((char *)r->list);
diff --git a/security/stegtunnel/patches/patch-ad b/security/stegtunnel/patches/patch-ad
new file mode 100644
index 00000000000..1d22c1009f4
--- /dev/null
+++ b/security/stegtunnel/patches/patch-ad
@@ -0,0 +1,28 @@
+$NetBSD: patch-ad,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- stegtunnel.c	2007/10/03 12:10:29	1.1
++++ stegtunnel.c	2007/10/03 12:11:03
+@@ -95,7 +95,6 @@
+   SHA1Context sha;
+   uint8_t sha_inbuf[SHA_INBUF_SZ];
+   int num_read;
+-  int i;
+ 
+   lseek(file_ctx->fd, 0, SEEK_SET);
+   SHA1Reset(&sha);
+@@ -294,7 +293,6 @@
+ stegt_file_output(struct stegt_file *file_ctx, uint8_t *out_buf, int width)
+ {
+   int i;
+-  int j;
+   uint8_t *size_ptr;
+   uint32_t tmp_size;
+   int ret_val;
+@@ -394,7 +392,6 @@
+ 		 uint8_t *in_buf, int width)
+ {
+   int i;
+-  int j;
+   
+   i = 0;
+ 
diff --git a/security/stegtunnel/patches/patch-ae b/security/stegtunnel/patches/patch-ae
new file mode 100644
index 00000000000..9c93c81d4d9
--- /dev/null
+++ b/security/stegtunnel/patches/patch-ae
@@ -0,0 +1,30 @@
+$NetBSD: patch-ae,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- stegclient.c	2007/10/03 12:11:42	1.1
++++ stegclient.c	2007/10/03 12:12:59
+@@ -52,9 +52,7 @@
+   struct addr verbose_addr;
+   char verbose_buf[80];
+   uint32_t ack_num;
+-  uint32_t tmp_seq;
+   uint32_t tmp_seqoff;
+-  uint32_t tmp_loc;
+   uint8_t extracted[4];
+ 
+   st_ctx = void_ctx;
+@@ -202,7 +200,6 @@
+   struct addr verbose_addr;
+   char verbose_buf[80];
+   uint32_t seq_num;
+-  uint8_t packet_hash[16];
+   uint8_t cipher_stream[4];
+   uint8_t readbuf[2];
+   int i;
+@@ -319,7 +316,6 @@
+   int c;
+   int got_proxy;
+   int got_target;
+-  int i;
+ 
+   if(!(getuid() == 0)) {
+     fprintf(stderr, "Gotta be root to run %s\n", argv[0]);
diff --git a/security/stegtunnel/patches/patch-af b/security/stegtunnel/patches/patch-af
new file mode 100644
index 00000000000..d8863f16ed3
--- /dev/null
+++ b/security/stegtunnel/patches/patch-af
@@ -0,0 +1,21 @@
+$NetBSD: patch-af,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- crypto.c	2007/10/03 18:50:14	1.1
++++ crypto.c	2007/10/03 18:51:13
+@@ -76,7 +76,7 @@
+   passlen = strlen(passphrase);
+ 
+   SHA1Reset(&sha1_ctx);
+-  SHA1Input(&sha1_ctx, passphrase, passlen);
++  SHA1Input(&sha1_ctx, (unsigned char *)passphrase, passlen);
+   SHA1Result(&sha1_ctx, st_ctx->pw_hash);
+   for(c = 0; c < passlen; c++) {
+     passphrase[c] = 0;
+@@ -156,7 +156,6 @@
+   struct ip_hdr *ip_header;
+   struct tcp_hdr *tcp_header;
+   uint8_t *tmp_pkt;
+-  int i;
+ 
+   ip_header = (struct ip_hdr *)packet;
+   tcp_header = (struct tcp_hdr *) (packet + (ip_header->ip_hl * 4));
diff --git a/security/stegtunnel/patches/patch-ag b/security/stegtunnel/patches/patch-ag
new file mode 100644
index 00000000000..38541e07c69
--- /dev/null
+++ b/security/stegtunnel/patches/patch-ag
@@ -0,0 +1,12 @@
+$NetBSD: patch-ag,v 1.1.1.1 2008/05/09 21:39:17 agc Exp $
+
+--- session.c	2007/10/03 19:15:45	1.1
++++ session.c	2007/10/03 19:15:56
+@@ -219,7 +219,6 @@
+   struct tcp_hdr *tcp_header;
+   uint8_t hash[SHA1HashSize];
+   uint16_t proxy_port;
+-  int i;
+ 
+   ip_header = (struct ip_hdr *)packet;
+   if (ip_header->ip_p != IP_PROTO_TCP)