debian/0000755000000000000000000000000012213347020007160 5ustar debian/control0000644000000000000000000000163712212630703010574 0ustar Source: redir Section: net Priority: extra Maintainer: Debian QA Group Build-Depends: debhelper (>=9), libwrap0-dev Standards-Version: 3.9.4 Homepage: http://sammy.net/~sammy/hacks/ Vcs-Git: git://lair.fifthhorseman.net/~dkg/redir Package: redir Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends} Description: Redirect TCP connections It can run under inetd or stand alone (in which case it handles multiple connections). It is 8 bit clean, not limited to line mode, is small and light. Supports transparency, FTP redirects, http proxying, and bandwidth limiting. . redir is all you need to redirect traffic across firewalls authenticate based on an IP address etc. No need for the firewall toolkit. The functionality of inetd/tcpd and "redir" will allow you to do everything you need without screwy telnet/ftp etc gateways. (I assume you are running IP Masquerading of course.) debian/changelog0000644000000000000000000001450612212631217011043 0ustar redir (2.2.1-11) unstable; urgency=low * QA upload. * Set maintainer to QA * Enable hardening flags" by changing to d/compat to 9 and B/D on debhelper>9 and new patch 31_enable_hardening.patch (Closes: #662715) * Bump standard version, no changes required * Remove d/README.source, as this package appearantly uses quilt, not dpatch -- Tobias Frost Sat, 07 Sep 2013 16:04:58 +0200 redir (2.2.1-10) unstable; urgency=low * fix typo in manpage. * drop dpatch build-dep * convert to 3.0 (quilt) * debian/control: move Vcs- arguments * bump Standards-Version to 3.9.3 (no changes needed) * debian/rules: convert to minimal debhelper -- Daniel Kahn Gillmor Sun, 04 Mar 2012 17:40:37 -0500 redir (2.2.1-9) unstable; urgency=low * updated my e-mail address. * fix calls to setsockopt to ensure that SO_REUSEADDR and SO_LINGER take effect (Closes: #508140) * bumped policy to 3.8.0 (added README.source) * clean up manpage to make lintian happy. -- Daniel Kahn Gillmor Tue, 03 Mar 2009 19:04:40 -0500 redir (2.2.1-8) unstable; urgency=low * added Homepage, Vcs-Svn, Vcs-Browser, and XS-Dm-Upload-Allowed fields to debian/control * Bumped Standards-Version: to 3.7.3 (no changes needed) -- Daniel Kahn Gillmor Sun, 13 Jan 2008 14:39:30 -0500 redir (2.2.1-7) unstable; urgency=low * clean up diff.gz -- Daniel Kahn Gillmor Wed, 15 Aug 2007 16:13:14 -0400 redir (2.2.1-6) unstable; urgency=low * (Unreleased) don't strip binaries by default. Thanks, Julien Danjou (Closes: #437898) * bumped policy * format Homepage in description. * fix inetd example in notes file to match modern syntax -- Daniel Kahn Gillmor Wed, 15 Aug 2007 14:56:58 -0400 redir (2.2.1-5) unstable; urgency=low * (Unreleased) switched to debhelper compatibility version 5 -- Daniel Kahn Gillmor Fri, 25 Nov 2005 21:30:33 -0500 redir (2.2.1-4) unstable; urgency=low * (Unreleased) modified debian/watch to use the fancier version suggested by the watch wizard at http://dehs.alioth.debian.org/ -- Daniel Kahn Gillmor Fri, 25 Nov 2005 12:42:51 -0500 redir (2.2.1-3) unstable; urgency=low * (Unreleased) added debian/watch -- Daniel Kahn Gillmor Thu, 24 Nov 2005 01:10:16 -0500 redir (2.2.1-2) unstable; urgency=low * Now using dpatch * fixed timeouts to only happen after full duration of inactivity, rather than absolute. Thanks to Robert de Bath (Closes: #142382) * fixed problematic buffer allocation introduced by bandwidth throttling (Closes: #335288). * Builds without any warnings from gcc, even with --pedantic -- Daniel Kahn Gillmor Sun, 23 Oct 2005 00:06:48 -0400 redir (2.2.1-1) unstable; urgency=low * New maintainer (closes: #328602) * new upstream release, includes upstream's bandwidth throttling (Closes: #147061, #139197) * changed flag in docs from --maxbandwidth to --max_bandwidth to match source. * changed priority from optional to extra to match override * redir-2.1.lsm changed to redir-2.2.lsm found at http://www.ibiblio.org/linsearch/lsms/redir-2.2.html * debian/control: version from 3.6.1.0 to 3.6.2.1 (no changes) * debian/rules: now using debhelper, compatibility level 4 -- Daniel Kahn Gillmor Fri, 21 Oct 2005 23:54:05 -0400 redir (2.1-3) unstable; urgency=low * thanks for the NMU (Closes: #190515) Looking for new Maintainer, see #328602 * redir.c: fixed compile warnings (Closes: #291835) * debian/copyright: fixed download url (Closes: #188299) * debian/control: description typo fix (Closes: #277257) * debian/copyright: make lintian happy - point to common-licenses * debian/control: version from 3.1.1 to 3.6.1.0 (no changes) -- Bernd Eckenfels Fri, 16 Sep 2005 18:47:50 +0200 redir (2.1-2.1) unstable; urgency=low * NMU. * Add Build-Depends on debhelper and libwrap0-dev. Closes: #190515. -- Daniel Schepler Mon, 18 Aug 2003 00:57:34 -0700 redir (2.1-2) unstable; urgency=low * use TCP_WRAPPER (closes: #66512) * closes: #54247 (added a few ntohs() calls and reported it upstream) * closes: #52518 (ignore accept errors) * closes: #40260 (supported in 2.1) * include section and priority in bin package (dh_gencontrol -- -isp) -- Bernd Eckenfels Sun, 23 Jul 2000 04:58:43 +0200 redir (2.1-1) unstable; urgency=low * new upstream release (#50815, #34500) * new package upload of source and diff (#44259) * fixed spelling in manpage (#36821, #36143) -- Bernd Eckenfels Sun, 21 Nov 1999 18:59:20 +0100 redir (1.2-1) unstable; urgency=low * new upstream release * adds support for ftp * adds support for transparency (Bug#13983) -- Bernd Eckenfels Sun, 1 Nov 1998 08:19:17 +0100 redir (1.0-2) unstable; urgency=low * make lintian happy (changelog.Debian) * fixed typo in describtion -- Bernd Eckenfels Sun, 1 Nov 1998 08:19:17 +0100 redir (1.0-1) unstable; urgency=low * fixed a few compiler warnings (again), reported to upstream author * new upstream source (Bug#27552) -- Bernd Eckenfels Sun, 1 Nov 1998 07:00:50 +0100 redir (0.7-4) frozen; urgency=low * fixed short describtion (#9925) * added casting to setsockopt to fix compiler warning -- Bernd Eckenfels Sat, 18 Apr 1998 22:27:53 +0200 redir (0.7-3) frozen unstable; urgency=low * New Maintainer (old: Christoph Lameter ) * more verbose copyright file * removed /usr/doc/copyright * compressed docu and man page * clean removes debian/substvars * fix permission of man page (bug#5552) -- Christoph Lameter Thu, 21 Nov 1996 21:14:54 +0100 redir (0.7-2) unstable; urgency=low * Forgot to install the copyright file into /usr/doc/copyright -- Christoph Lameter Sat, 21 Sep 1996 14:51:46 +0800 redir (0.7-1) unstable; urgency=low * Initial Release -- Christoph Lameter Tue, 17 Sep 1996 14:51:46 +0800 debian/redir.dirs0000644000000000000000000000005711724767172011176 0ustar usr/bin usr/share/doc/redir usr/share/man/man1 debian/redir.docs0000644000000000000000000000004411724767172011161 0ustar README transproxy.txt redir-2.2.lsm debian/Makefile.org0000644000000000000000000000276712212627232011427 0ustar ### user configuration section # if your system lacks getopt_long(), remove the comment from this line GETOPT_OBJS = # getopt/getopt.o getopt/getopt1.o # if your system lacks strrchr() or strdup(), edit this line STR_CFLAGS = # -DNEED_STRRCHR -DNEED_STRDUP # if you would like support for TCP wrappers (and have libwrap.a # installed), remove these comments. WRAP_CFLAGS = # -DUSE_TCP_WRAPPERS WRAP_LIBS = # -lwrap # if your system needs any additional libraries (solaris, for example, # needs the ones commented out below), edit this line. EXTRA_LIBS = #-lnsl -lsocket # add additional compiler flags here. Some useful ones are: # # -DNO_SHAPER (doesn't compile in traffic shaping code) # -DNO_FTP (doesn't compile in FTP redirection support) EXTRA_CFLAGS = # -DNO_SHAPER -DNO_FTP ### end of user configuration section # redir requires gcc. if you're lucky, another compiler might work. CC = gcc # if your system lacks getopt_long, remove the comment from this line OBJS = redir.o $(GETOPT_OBJS) CFLAGS = -O2 -Wall $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) LDFLAGS = -s # solaris, and others, may also need these libraries to link # also edit here if you're using the TCP wrappers code LIBS = $(WRAP_LIBS) $(EXTRA_LIBS) # this line should build under os/2 using syslog from # http://r350.ee.ntu.edu.tw/~hcchu/os2/ports/dev # submitted by: Doug LaRue (dlarue@nosc.mil) # LIBS = -lsyslog -lsocket all: redir clean: rm -f $(OBJS) redir core redir: ${OBJS} ${CC} ${LDFLAGS} -o redir ${OBJS} ${LIBS} debian/notes0000644000000000000000000000147411724767172010265 0ustar I stumbled across this tool when I needed to redirect some outside traffic to an inside machine (firewall of course realized with IP Masquerading...) I took one machine that was visible from the outside and redirected traffic coming from the outside to the inside host while keeping the ability to connect to that server from the inside. The following /etc/hosts.allow did the trick: in.telnetd: .school.edu # Dont touch the above statement enables regular on campus telnet access # to host. # # Add to lalug.org whatever hosts need access to the insidehost in.telnetd: lalug.org : twist /usr/sbin/redir --inetd --chost=insidehost -cport=23 The first line allows regular access from our school. The second allows special access from that outside host to the inside machine. Christoph Lameter, debian/redir.manpages0000644000000000000000000000001211724767172012017 0ustar redir.man debian/copyright0000644000000000000000000000121011724767172011131 0ustar redir This is the Debian GNU/Linux prepackaged version of redir. The Source is downloaded from http://sammy.net/~sammy/hacks/redir-2.2.1.tar.gz a simple TCP Port Redirector Initial Debian Package was put together by Christoph Lameter, current maintainer is Daniel Kahn Gillmor . redir is Copyright 1996-1999 Nigel Metheringham, Sam Creasey, Thomas Osterried, Harald Holzer, and Emmanuel Chantréau. All modifications for debian are copyright by Christoph Lameter (-1996), Bernd Eckenfels (1996-2005), and Daniel Kahn Gillmor (2005-) It is released under GPL version 2 or later (see /usr/share/common-licenses/GPL-2). debian/redir.install0000644000000000000000000000001611724767172011676 0ustar redir usr/bin debian/watch0000644000000000000000000000013711724767172010236 0ustar version=3 http://sammy.net/~sammy/hacks/ (?:.*/)?redir-?_?([\d+\.]+|\d+)\.tar.* debian uupdate debian/rules0000755000000000000000000000015212212626127010245 0ustar #!/usr/bin/make -f export DEB_BUILD_MAINT_OPTIONS = hardening=+all DPKG_EXPORT_BUILDFLAGS = 1 %: dh $@ debian/gbp.conf0000644000000000000000000000012111724771371010611 0ustar [DEFAULT] upstream-tag = redir_%(version)s debian-tag = redir_debian/%(version)s debian/patches/0000755000000000000000000000000012212630661010614 5ustar debian/patches/06_fix_shaper_buffer.dpatch0000755000000000000000000000347511724767172016022 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 06_fix_shaper_buffer.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: properly allocate copyloop buffer @DPATCH@ diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 2005-10-22 23:20:05.235901424 -0400 +++ redir-2.2.1/redir.c 2005-10-22 23:22:20.198384008 -0400 @@ -260,7 +260,7 @@ #endif int *transproxy, #ifndef NO_SHAPER - unsigned int * bufsize, + unsigned int * bufsizeout, int * max_bandwidth, int * random_wait, int * wait_in_out, @@ -367,7 +367,7 @@ #ifndef NO_SHAPER case 'z': - *bufsize = (unsigned int)atol(optarg); + *bufsizeout = (unsigned int)atol(optarg); break; case 'm': @@ -594,7 +594,7 @@ unsigned long bytes_in = 0; unsigned long bytes_out = 0; unsigned int start_time, end_time; - char buf[bufsize]; + char* buf = malloc(bufsize); /* Record start time */ start_time = (unsigned int) time(NULL); @@ -637,7 +637,7 @@ } if(FD_ISSET(insock, &c_iofds)) { - if((bytes = read(insock, buf, sizeof(buf))) <= 0) + if((bytes = read(insock, buf, bufsize)) <= 0) break; #ifndef NO_FTP if (ftp & FTP_PORT) @@ -652,7 +652,7 @@ bytes_out += bytes; } if(FD_ISSET(outsock, &c_iofds)) { - if((bytes = read(outsock, buf, sizeof(buf))) <= 0) + if((bytes = read(outsock, buf, bufsize)) <= 0) break; /* if we're correcting for PASV on ftp redirections, then fix buf and bytes to have the new address, among other @@ -689,6 +689,7 @@ syslog(LOG_NOTICE, "disconnect %d secs, %ld in %ld out", (end_time - start_time), bytes_in, bytes_out); } + free(buf); return; } debian/patches/09_add_linux_software_map.dpatch0000755000000000000000000000120111724767172017043 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 09_add_linux_software_map.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Add linux software map file @DPATCH@ --- redir-2.2.1.orig/redir-2.2.lsm +++ redir-2.2.1/redir-2.2.lsm @@ -0,0 +1,11 @@ +Begin3 +Title: redir +Version: 2.2 +Entered-date: 15DEC1999 +Description: TCP Port redirector (for firewalls etc). +Keywords: tcp port redirector bouncer proxy +Author: sammy@oh.verio.com +Primary-site: sunsite.unc.edu /pub/Linux/system/Network/daemons + 39936 redir-2.2.tar.gz +Copying-policy: GPL +End debian/patches/08_add_wrappers.dpatch0000755000000000000000000000121711724767172015006 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 08_add_wrappers.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Enabling TCP wrapper support @DPATCH@ --- redir-2.2.1.orig/Makefile +++ redir-2.2.1/Makefile @@ -9,8 +9,8 @@ # if you would like support for TCP wrappers (and have libwrap.a # installed), remove these comments. -WRAP_CFLAGS = # -DUSE_TCP_WRAPPERS -WRAP_LIBS = # -lwrap +WRAP_CFLAGS = -DUSE_TCP_WRAPPERS +WRAP_LIBS = -lwrap # if your system needs any additional libraries (solaris, for example, # needs the ones commented out below), edit this line. debian/patches/05_pedantic.dpatch0000755000000000000000000001136711724767172014126 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 05_pedantic.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: changes to make clean up compilation @DPATCH@ diff -urNad redir-2.2.1~/Makefile redir-2.2.1/Makefile --- redir-2.2.1~/Makefile 2005-10-22 23:11:41.000000000 -0400 +++ redir-2.2.1/Makefile 2005-10-22 23:11:48.818368360 -0400 @@ -32,7 +32,7 @@ # if your system lacks getopt_long, remove the comment from this line OBJS = redir.o $(GETOPT_OBJS) -CFLAGS = -O2 -Wall $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) +CFLAGS = -O2 -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) LDFLAGS = -s # solaris, and others, may also need these libraries to link diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 2005-10-22 23:11:48.282449832 -0400 +++ redir-2.2.1/redir.c 2005-10-22 23:12:23.201141384 -0400 @@ -73,6 +73,7 @@ #include #include #include +#include #include #include #include @@ -460,7 +461,7 @@ int lport, rport; int remip[4]; int localsock; - int socksize = sizeof(struct sockaddr_in); + size_t socksize = sizeof(struct sockaddr_in); struct sockaddr_in newsession; struct sockaddr_in sockname; @@ -509,7 +510,7 @@ if(getsockname(localsock, (struct sockaddr *)&sockname, &socksize) < 0) { perror("getsockname"); if (dosyslog) - syslog(LOG_ERR, "getsockname failed: %m"); + syslog(LOG_ERR, "getsockname failed: %s",strerror(errno)); exit(1); } @@ -562,7 +563,7 @@ switch(fork()) { case -1: /* Error */ - syslog(LOG_ERR, "Couldn't fork: %m"); + syslog(LOG_ERR, "Couldn't fork: %s",strerror(errno)); _exit(1); case 0: /* Child */ { @@ -723,7 +724,7 @@ int clisock; int targetsock; struct sockaddr_in client; - int clientlen = sizeof(client); + size_t clientlen = sizeof(client); int accept_errno; debug("top of accept loop\n"); @@ -734,7 +735,7 @@ perror("server: accept"); if (dosyslog) - syslog(LOG_ERR, "accept failed: %m"); + syslog(LOG_ERR, "accept failed: %s",strerror(errno)); /* determine if this error is fatal */ switch(accept_errno) { @@ -768,7 +769,7 @@ perror("(server) fork"); if (dosyslog) - syslog(LOG_ERR, "(server) fork failed: %m"); + syslog(LOG_ERR, "(server) fork failed: %s",strerror(errno)); _exit(1); case 0: /* Child */ @@ -795,7 +796,7 @@ perror("(child) fork"); if (dosyslog) - syslog(LOG_ERR, "(child) fork failed: %m"); + syslog(LOG_ERR, "(child) fork failed: %s",strerror(errno)); _exit(1); case 0: /* Child */ @@ -826,7 +827,7 @@ perror("target: socket"); if (dosyslog) - syslog(LOG_ERR, "socket failed: %m"); + syslog(LOG_ERR, "socket failed: %s",strerror(errno)); _exit(1); } @@ -850,7 +851,7 @@ only be different if the input value is 0 (let the system pick a port) */ if (dosyslog) - syslog(LOG_ERR, "bind failed: %m"); + syslog(LOG_ERR, "bind failed: %s",strerror(errno)); _exit(1); } @@ -862,7 +863,7 @@ perror("target: connect"); if (dosyslog) - syslog(LOG_ERR, "bind failed: %m"); + syslog(LOG_ERR, "bind failed: %s",strerror(errno)); _exit(1); } @@ -923,7 +924,7 @@ perror("server: socket"); if (dosyslog) - syslog(LOG_ERR, "socket failed: %m"); + syslog(LOG_ERR, "socket failed: %s",strerror(errno)); exit(1); } @@ -962,7 +963,7 @@ perror("server: bind"); if (dosyslog) - syslog(LOG_ERR, "bind failed: %m"); + syslog(LOG_ERR, "bind failed: %s",strerror(errno)); exit(1); } @@ -980,7 +981,7 @@ perror("server: listen"); if (dosyslog) - syslog(LOG_ERR, "listen failed: %m"); + syslog(LOG_ERR, "listen failed: %s",strerror(errno)); exit(1); } @@ -1059,7 +1060,7 @@ if (inetd) { int targetsock; struct sockaddr_in client; - int client_size = sizeof(client); + size_t client_size = sizeof(client); #ifdef USE_TCP_WRAPPERS request_init(&request, RQ_DAEMON, ident, RQ_FILE, 0, 0); @@ -1079,7 +1080,7 @@ perror("target: socket"); if (dosyslog) - syslog(LOG_ERR, "targetsock failed: %m"); + syslog(LOG_ERR, "targetsock failed: %s",strerror(errno)); exit(1); } @@ -1097,7 +1098,7 @@ perror("bind_addr: cannot bind to forcerd outgoing addr"); if (dosyslog) - syslog(LOG_ERR, "bind failed: %m"); + syslog(LOG_ERR, "bind failed: %s",strerror(errno)); exit(1); } @@ -1109,7 +1110,7 @@ perror("target: connect"); if (dosyslog) - syslog(LOG_ERR, "connect failed: %m"); + syslog(LOG_ERR, "connect failed: %s",strerror(errno)); exit(1); } debian/patches/03_fix_tcp_wrappers.dpatch0000755000000000000000000000200311724767172015677 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 03_fix_tcp_wrappers.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: fix calls to tcp wrappers @DPATCH@ diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 2005-10-22 22:10:11.439455392 -0400 +++ redir-2.2.1/redir.c 2005-10-22 22:10:51.625346208 -0400 @@ -802,8 +802,8 @@ #ifdef USE_TCP_WRAPPERS request_init(&request, RQ_DAEMON, ident, RQ_FILE, clisock, 0); sock_host(&request); - sock_hostname(&request); - sock_hostaddr(&request); + sock_hostname(request.client); + sock_hostaddr(request.client); if (!hosts_access(&request)) { refuse(&request); @@ -1057,8 +1057,8 @@ #ifdef USE_TCP_WRAPPERS request_init(&request, RQ_DAEMON, ident, RQ_FILE, 0, 0); sock_host(&request); - sock_hostname(&request); - sock_hostaddr(&request); + sock_hostname(request.client); + sock_hostaddr(request.client); if (!hosts_access(&request)) refuse(&request); debian/patches/15_deb_cosmetics.dpatch0000755000000000000000000000141711724767172015136 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 15_deb_cosmetics.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Cosmetic changes applicable only to debian @DPATCH@ diff -urNad redir-2.2.1~/redir.man redir-2.2.1/redir.man --- redir-2.2.1~/redir.man 2005-10-22 21:47:44.067287096 -0400 +++ redir-2.2.1/redir.man 2005-10-22 21:48:34.218662928 -0400 @@ -92,7 +92,7 @@ .B \--transproxy On a linux system with transparent proxying enabled, causes redir to make connections appear as if they had come from their true origin. -(see transproxy.txt in the source archive) +(see /usr/share/doc/redir/transproxy.txt) .TP .B \--connect Redirects connections through an HTTP proxy which supports the CONNECT debian/patches/04_fix_timeouts.dpatch0000755000000000000000000000246111724767172015050 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 04_fix_timeouts.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Apply a close approximation of Robert de Bath's patch for bug #142382 @DPATCH@ diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 2005-10-22 22:44:39.504061784 -0400 +++ redir-2.2.1/redir.c 2005-10-22 22:47:14.746461352 -0400 @@ -598,10 +598,6 @@ /* Record start time */ start_time = (unsigned int) time(NULL); - /* Set up timeout */ - timeout.tv_sec = timeout_secs; - timeout.tv_usec = 0; - /* file descriptor bits */ FD_ZERO(&iofds); FD_SET(insock, &iofds); @@ -618,14 +614,21 @@ while(1) { (void) memcpy(&c_iofds, &iofds, sizeof(iofds)); + /* Set up timeout, Linux returns seconds left in this structure + * so we have to reset it before each select(). */ + timeout.tv_sec = timeout_secs; + timeout.tv_usec = 0; + if (select(max_fd + 1, &c_iofds, (fd_set *)0, (fd_set *)0, (timeout_secs ? &timeout : NULL)) <= 0) { - /* syslog(LLEV,"connection timeout: %d sec",timeout.tv_sec);*/ - break; + if (dosyslog) { + syslog(LOG_NOTICE,"connection timeout: %d sec",timeout_secs); + } + break; } if(FD_ISSET(insock, &c_iofds)) { debian/patches/series0000644000000000000000000000053212212630226012026 0ustar 01_fix_max_bandwidth_docs.dpatch 02_use_ntohs.dpatch 03_fix_tcp_wrappers.dpatch 04_fix_timeouts.dpatch 05_pedantic.dpatch 06_fix_shaper_buffer.dpatch 07_cosmetics.dpatch 08_add_wrappers.dpatch 09_add_linux_software_map.dpatch 15_deb_cosmetics.dpatch 20_do_not_strip.dpatch 25_fix_setsockopt.dpatch 30_fix_manpage.dpatch 31_enable_hardening.patch debian/patches/25_fix_setsockopt.dpatch0000755000000000000000000000346211724767172015402 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 25_fix_setsockopt.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Ensure that the server socket has SO_REUSEADDR and SO_LINGER set properly. @DPATCH@ diff -urNad redir~/redir.c redir/redir.c --- redir~/redir.c 2009-03-03 17:35:12.022427586 -0500 +++ redir/redir.c 2009-03-03 17:45:28.998426896 -0500 @@ -90,8 +90,8 @@ /* let's set up some globals... */ int dodebug = 0; int dosyslog = 0; -unsigned char reuse_addr = 1; -unsigned char linger_opt = 0; +int reuse_addr = 1; /* allow address reuse */ +struct linger linger_opt = { 0, 0}; /* do not linger */ char * bind_addr = NULL; struct sockaddr_in addr_out; int timeout = 0; @@ -906,6 +906,7 @@ int servsock; struct sockaddr_in server; + int ret; /* * Get a socket to work with. This socket will @@ -944,8 +945,30 @@ server.sin_addr.s_addr = htonl(inet_addr("0.0.0.0")); } - setsockopt(servsock, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr)); - setsockopt(servsock, SOL_SOCKET, SO_LINGER, &linger_opt, sizeof(SO_LINGER)); + ret = setsockopt(servsock, SOL_SOCKET, SO_REUSEADDR, &reuse_addr, sizeof(reuse_addr)); + if (ret != 0) { + if(fail) { + return -1; + } + else { + perror("server: setsockopt (SO_REUSEADDR)"); + if (dosyslog) + syslog(LOG_ERR, "setsockopt failed with SO_REUSEADDR: %s",strerror(errno)); + exit(1); + } + } + ret = setsockopt(servsock, SOL_SOCKET, SO_LINGER, &linger_opt, sizeof(linger_opt)); + if (ret != 0) { + if(fail) { + return -1; + } + else { + perror("server: setsockopt (SO_LINGER)"); + if (dosyslog) + syslog(LOG_ERR, "setsockopt failed with SO_LINGER: %s",strerror(errno)); + exit(1); + } + } /* * Try to bind the address to the socket. debian/patches/30_fix_manpage.dpatch0000755000000000000000000001206711724767172014611 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 30_fix_manpage.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Clean up questionable formatting in man page. @DPATCH@ diff -urNad redir~/redir.man redir/redir.man --- redir~/redir.man 2009-03-03 18:55:37.790428922 -0500 +++ redir/redir.man 2009-03-03 18:58:48.486428715 -0500 @@ -1,43 +1,42 @@ -.PU .TH REDIR 1 local .SH NAME -redir \- redirect tcp connections +redir - redirect tcp connections .SH SYNOPSIS .ll +8 .B redir -.RB [ \--laddr=incoming.ip.address ] -.RB [ \--caddr=host ] -.RB [ \--debug ] -.RB [ \--syslog -.RB [ \--name=str ] -.RB [ \--timeout=n ] -.RB [ \--bind_addr=my.other.ip.address ] -.RB [ \--ftp=type ] -.RB [ \--transproxy ] -.RB [ \--connect=host:port ] -.I --lport=port -.I --cport=port -.RB [ \--bufsize=n ] -.RB [ \--max_bandwidth=n ] -.RB [ \--random_wait=n ] -.RB [ \--wait_in_out=n ] +.RB [ \-\-laddr=incoming.ip.address ] +.RB [ \-\-caddr=host ] +.RB [ \-\-debug ] +.RB [ \-\-syslog ] +.RB [ \-\-name=str ] +.RB [ \-\-timeout=n ] +.RB [ \-\-bind_addr=my.other.ip.address ] +.RB [ \-\-ftp=type ] +.RB [ \-\-transproxy ] +.RB [ \-\-connect=host:port ] +.I \-\-lport=port +.I \-\-cport=port +.RB [ \-\-bufsize=n ] +.RB [ \-\-max_bandwidth=n ] +.RB [ \-\-random_wait=n ] +.RB [ \-\-wait_in_out=n ] .ll -8 .br .B redir -.RB \--inetd -.RB [ \--caddr=host ] -.RB [ \--debug ] -.RB [ \--syslog -.RB [ \--name=str ] -.RB [ \--timeout=n ] -.RB [ \--ftp=type ] -.RB [ \--transproxy ] -.RB [ \--connect=host:port ] -.I --cport=port -.RB [ \--bufsize=n ] -.RB [ \--max_bandwidth=n ] -.RB [ \--random_wait=n ] -.RB [ \--wait_in_out=n ] +.RB \-\-inetd +.RB [ \-\-caddr=host ] +.RB [ \-\-debug ] +.RB [ \-\-syslog ] +.RB [ \-\-name=str ] +.RB [ \-\-timeout=n ] +.RB [ \-\-ftp=type ] +.RB [ \-\-transproxy ] +.RB [ \-\-connect=host:port ] +.I \-\-cport=port +.RB [ \-\-bufsize=n ] +.RB [ \-\-max_bandwidth=n ] +.RB [ \-\-random_wait=n ] +.RB [ \-\-wait_in_out=n ] .ll -8 .br .SH DESCRIPTION @@ -49,74 +48,73 @@ Depending on how redir was compiled, not all options may be available. .SH OPTIONS .TP -.B \--lport +.B \-\-lport Specifies port to listen for connections on (when not running from inetd) .TP -.B \--laddr +.B \-\-laddr IP address to bind to when listening for connections (when not running from inetd) .TP -.B \--cport +.B \-\-cport Specifies port to connect to. .TP -.B \--caddr +.B \-\-caddr Specifies remote host to connect to. (localhost if omitted) .TP -.B \--inetd +.B \-\-inetd Run as a process started from inetd, with the connection passed as stdin and stdout on startup. .TP -.B \--debug +.B \-\-debug Write debug output to stderr or syslog. .TP -.B \--name +.B \-\-name Specify program name to be used for TCP wrapper checks and syslog logging. .TP -.B --timeout +.B \-\-timeout Timeout and close the connection after n seconds of inactivity. .TP -.B \--syslog +.B \-\-syslog Log information to syslog. .TP -.B \--bind_addr +.B \-\-bind_addr Forces redir to pick a specific address/interface to bind to when it listens for incoming connections. .TP -.B \--ftp +.B \-\-ftp When using redir for an FTP server, this will cause redir to also redirect ftp connections. Type should be specified as either "port", "pasv", or "both", to specify what type of FTP connection to handle. -Note that --transproxy often makes one or the other (generally port) +Note that \-\-transproxy often makes one or the other (generally port) undesirable. .TP -.B \--transproxy +.B \-\-transproxy On a linux system with transparent proxying enabled, causes redir to make connections appear as if they had come from their true origin. (see /usr/share/doc/redir/transproxy.txt) .TP -.B \--connect +.B \-\-connect Redirects connections through an HTTP proxy which supports the CONNECT -command. Specify the address and port of the proxy using --caddr and ---cport. --connect requires the hostname and port which the HTTP +command. Specify the address and port of the proxy using \-\-caddr and +\-\-cport. \-\-connect requires the hostname and port which the HTTP proxy will be asked to connect to. .TP -.B \--bufsize n +.B \-\-bufsize n Set the bufsize (defaut 4096) in bytes. Can be used combined with ---max_bandwidth or --random_wait to simulate a slow connection. +\-\-max_bandwidth or \-\-random_wait to simulate a slow connection. .TP -.B \--max_bandwidth n +.B \-\-max_bandwidth n Reduce the bandwidth to be no more than n bits/sec. The algorithme is basic, the goal is to simulate a slow connection, so there is no pic acceptance. .TP -.B \--random_wait n +.B \-\-random_wait n Wait between 0 and 2 x n milliseconds before each "packet". A "packet" is a bloc of data read in one time by redir. A "packet" size is always less -than the bufsize (see also --bufsize). +than the bufsize (see also \-\-bufsize). .TP -.B \--wait_in_out n -Apply --max_bandwidth and --random_wait for input if n=1, output if n=2 and +.B \-\-wait_in_out n +Apply \-\-max_bandwidth and \-\-random_wait for input if n=1, output if n=2 and both if n=3. .SH "SEE ALSO" inetd(1) - debian/patches/02_use_ntohs.dpatch0000755000000000000000000000327311724767172014340 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 02_use_ntohs.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: use ntohs() to generate comprehensible debug()s and syslog()s. @DPATCH@ diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 1999-12-26 15:50:06.000000000 -0500 +++ redir-2.2.1/redir.c 2005-10-22 21:29:55.491735272 -0400 @@ -745,7 +745,7 @@ } debug1("peer IP is %s\n", inet_ntoa(client.sin_addr)); - debug1("peer socket is %d\n", client.sin_port); + debug1("peer socket is %d\n", ntohs(client.sin_port)); /* * Double fork here so we don't have to wait later @@ -871,8 +871,8 @@ strcpy(tmp2, inet_ntoa(target->sin_addr)); syslog(LOG_NOTICE, "connecting %s/%d to %s/%d", - tmp1, client.sin_port, - tmp2, target->sin_port); + tmp1, ntohs(client.sin_port), + tmp2, ntohs(target->sin_port)); } /* do proxy stuff */ @@ -1066,7 +1066,7 @@ if (!getpeername(0, (struct sockaddr *) &client, &client_size)) { debug1("peer IP is %s\n", inet_ntoa(client.sin_addr)); - debug1("peer socket is %d\n", client.sin_port); + debug1("peer socket is %d\n", ntohs(client.sin_port)); } if ((targetsock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { perror("target: socket"); @@ -1109,8 +1109,8 @@ if (dosyslog) { syslog(LOG_NOTICE, "connecting %s/%d to %s/%d", - inet_ntoa(client.sin_addr), client.sin_port, - target_ip, target.sin_port); + inet_ntoa(client.sin_addr), ntohs(client.sin_port), + target_ip, ntohs(target.sin_port)); } /* Just start copying - one side of the loop is stdin - 0 */ debian/patches/07_cosmetics.dpatch0000755000000000000000000000201011724767172014313 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 07_cosmetics.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Cosmetic fixes which could be applied upstream @DPATCH@ diff -urNad redir-2.2.1~/redir.man redir-2.2.1/redir.man --- redir-2.2.1~/redir.man 2005-10-22 21:41:51.284918168 -0400 +++ redir-2.2.1/redir.man 2005-10-22 21:42:42.115190792 -0400 @@ -73,7 +73,7 @@ Specify program name to be used for TCP wrapper checks and syslog logging. .TP .B --timeout -Timeout and close the connection after n seconds on inactivity. +Timeout and close the connection after n seconds of inactivity. .TP .B \--syslog Log information to syslog. @@ -90,7 +90,7 @@ undesirable. .TP .B \--transproxy -On a linux system with transparany proxying enables, causes redir to +On a linux system with transparent proxying enabled, causes redir to make connections appear as if they had come from their true origin. (see transproxy.txt in the source archive) .TP debian/patches/31_enable_hardening.patch0000644000000000000000000000143012212630661015403 0ustar Description: Remove overrides in Makefile to enable hardening Author: Tobias Frost Last-Update: <2013-09-07> --- This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ --- a/Makefile +++ b/Makefile @@ -27,13 +27,13 @@ ### end of user configuration section # redir requires gcc. if you're lucky, another compiler might work. -CC = gcc +#CC = gcc # if your system lacks getopt_long, remove the comment from this line OBJS = redir.o $(GETOPT_OBJS) -CFLAGS = -O2 -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) -LDFLAGS = # -s +#CFLAGS = -O2 -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) +#LDFLAGS = # -s # solaris, and others, may also need these libraries to link # also edit here if you're using the TCP wrappers code debian/patches/01_fix_max_bandwidth_docs.dpatch0000755000000000000000000000435611724767172017022 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 01_fix_max_bandwidth_docs.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: Fix docs and --help to show --max_bandwidth instead of --maxbandwidth @DPATCH@ diff -urNad redir-2.2.1~/redir.c redir-2.2.1/redir.c --- redir-2.2.1~/redir.c 1999-12-26 15:50:06.000000000 -0500 +++ redir-2.2.1/redir.c 2005-10-22 21:21:56.849499952 -0400 @@ -233,7 +233,7 @@ #ifndef NO_SHAPER /* options for bandwidth */ fprintf(stderr, "\t\t--bufsize=\tsize of the buffer\n"); - fprintf(stderr, "\t\t--maxbandwidth=\tlimit the bandwidth\n"); + fprintf(stderr, "\t\t--max_bandwidth=\tlimit the bandwidth\n"); fprintf(stderr, "\t\t--random_wait=\twait before each packet\n"); fprintf(stderr, "\t\t--wait_in_out=\t1 wait for in, 2 out, 3 in&out\n"); /* end options for bandwidth */ diff -urNad redir-2.2.1~/redir.man redir-2.2.1/redir.man --- redir-2.2.1~/redir.man 1999-12-26 15:52:24.000000000 -0500 +++ redir-2.2.1/redir.man 2005-10-22 21:22:28.882630176 -0400 @@ -18,7 +18,7 @@ .I --lport=port .I --cport=port .RB [ \--bufsize=n ] -.RB [ \--maxbandwidth=n ] +.RB [ \--max_bandwidth=n ] .RB [ \--random_wait=n ] .RB [ \--wait_in_out=n ] .ll -8 @@ -35,7 +35,7 @@ .RB [ \--connect=host:port ] .I --cport=port .RB [ \--bufsize=n ] -.RB [ \--maxbandwidth=n ] +.RB [ \--max_bandwidth=n ] .RB [ \--random_wait=n ] .RB [ \--wait_in_out=n ] .ll -8 @@ -102,9 +102,9 @@ .TP .B \--bufsize n Set the bufsize (defaut 4096) in bytes. Can be used combined with ---maxbandwidth or --random_wait to simulate a slow connection. +--max_bandwidth or --random_wait to simulate a slow connection. .TP -.B \--maxbandwidth n +.B \--max_bandwidth n Reduce the bandwidth to be no more than n bits/sec. The algorithme is basic, the goal is to simulate a slow connection, so there is no pic acceptance. @@ -115,7 +115,7 @@ than the bufsize (see also --bufsize). .TP .B \--wait_in_out n -Apply --maxbandwidth and --random_wait for input if n=1, output if n=2 and +Apply --max_bandwidth and --random_wait for input if n=1, output if n=2 and both if n=3. .SH "SEE ALSO" inetd(1) debian/patches/20_do_not_strip.dpatch0000755000000000000000000000131011724767172015022 0ustar #! /bin/sh /usr/share/dpatch/dpatch-run ## 20_do_not_strip.dpatch by Daniel Kahn Gillmor ## ## All lines beginning with `## DP:' are a description of the patch. ## DP: don't strip by default. let dh_strip take care of it. @DPATCH@ diff -urNad redir-2.2.1~/Makefile redir-2.2.1/Makefile --- redir-2.2.1~/Makefile 2007-08-15 14:53:41.908911693 -0400 +++ redir-2.2.1/Makefile 2007-08-15 14:53:59.409909018 -0400 @@ -33,7 +33,7 @@ OBJS = redir.o $(GETOPT_OBJS) CFLAGS = -O2 -Wall --pedantic $(STR_CFLAGS) $(WRAP_CFLAGS) $(EXTRA_CFLAGS) -LDFLAGS = -s +LDFLAGS = # -s # solaris, and others, may also need these libraries to link # also edit here if you're using the TCP wrappers code debian/source/0000755000000000000000000000000011724767751010507 5ustar debian/source/format0000644000000000000000000000001411724767751011715 0ustar 3.0 (quilt) debian/compat0000644000000000000000000000000212212623452010363 0ustar 9