source: npl/overig/nstx/nstx_1.1-beta6-4.diff @ 892871d

--- nstx-1.1-beta6.orig/Makefile
+++ nstx-1.1-beta6/Makefile
@@ -1,4 +1,4 @@
-CFLAGS += -ggdb -Wall -Werror
+CFLAGS += -ggdb -Wall -Werror -Wsign-compare 
 
 NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c
 NSTXD_OBJS = ${NSTXD_SRCS:.c=.o}
--- nstx-1.1-beta6.orig/nstx_dns.c
+++ nstx-1.1-beta6/nstx_dns.c
@@ -6,6 +6,7 @@
 #include <fcntl.h>
 #include <syslog.h>
 #include <unistd.h>
+#include <assert.h>
 
 #include "nstxfun.h"
 #include "nstxdns.h"
@@ -58,7 +59,7 @@
  * DNS-packet 'msg'. */
 
 static char *
-decompress_label(const char *msg, int msglen, const char *lbl)
+decompress_label(const char *msg, unsigned int msglen, const char *lbl)
 {
    const char *ptr = lbl;
    char *buf;
@@ -69,7 +70,7 @@
    
    while ((chunklen = *ptr)) {
       if (chunklen > 63) {
-        if ((ptr-msg) >= (msglen-1)) {
+        if ((ptr-msg) >= ((signed int)msglen-1)) {
            DEBUG("Bad pointer at end of msg");
            if (buf)
              free(buf);
@@ -104,13 +105,15 @@
         ptr += chunklen + 1;
       }
    }
-   buf[buflen] = 0;
-   buflen++;
+   if (buf) {
+     buf[buflen] = 0;
+     buflen++;
+   }
    return buf;
 }
 
 static const unsigned char *
-_cstringify(const unsigned char *data, int *dlen, int clen)
+_cstringify(const unsigned char *data, int *dlen, unsigned int clen)
 {
    static unsigned char *buf;
    
@@ -143,7 +146,7 @@
 {
    int len;
    
-   len = strlen(data);
+   len = strlen((char*)data);
    return _cstringify(data, &len, 63);
 }
 
@@ -183,24 +186,24 @@
 static const unsigned char *
 lbl2data (const unsigned char *data, size_t len)
 {
-   static unsigned char *buf;
-   
+   static signed char *buf = NULL;
    const unsigned char *s = data;
-   unsigned char *d;
-   unsigned int llen;
+   signed char *d;
+   signed int llen;
    
    d = buf = realloc(buf, len);
+   assert(d);
    do
      {
        llen = *s++;
-       if ((llen > 63) || (llen > len - (s - data)))
-         return NULL;
+       if ((llen > 63) || (llen > (signed int)(len - (s - data))))
+         break;
        memcpy(d, s, llen);
        s += llen;
        d += llen;
      } while (llen);
    *d = '\0';
-   return buf;
+   return (const unsigned char*)buf;
 }
 
 /* New DNS-Code */
@@ -318,7 +321,7 @@
    const char *ptr;
    static char *fqdn;
    
-   ptr = data2lbl(data);
+   ptr = (char*)data2lbl((unsigned char*)data);
    fqdn = realloc(fqdn, strlen(ptr)+strlen(suffix)+1);
    strcpy(fqdn, ptr);
    strcat(fqdn, suffix);
@@ -336,8 +339,9 @@
      free(buf);
    
    off = strstr(fqdn, suffix);
-   if (off)
-       buf = strdup(lbl2data(fqdn, off - fqdn));
+   /* only parse if the fqdn was found, and there is more than the fqdn */
+   if (off && off != fqdn)
+       buf = strdup((char*)lbl2data((unsigned char*)fqdn, off - fqdn));
    else
        /* Our suffix not found... */
        buf = NULL; 
@@ -364,7 +368,7 @@
    const char *ptr;
    char *buf;
    
-   ptr = data2txt(data, &len);
+   ptr = (char*)data2txt((unsigned char*)data, &len);
    buf = malloc(len);
    memcpy(buf, ptr, len);
    
@@ -477,7 +481,7 @@
      {
        offsets[i++] = ptr - buf;
        rrp = _new_listitem(&pkt->query);
-       rrp->data = decompress_label(buf, len, ptr);
+       rrp->data = decompress_label((char*)buf, len, (char*)ptr);
        if (!rrp->data)
          {
             syslog(LOG_ERR, "dns_extractpkt: decompress_label choked in qd\n");
@@ -517,8 +521,9 @@
             if (j < i)
               rrp->link = j;
          }
-       ptr = _skip_lbl(ptr, &remain);
-       rrp->len = ptr[8]*256+ptr[9];
+       //      ptr = _skip_lbl(ptr, &remain);
+       //      rrp->len = ptr[8]*256+ptr[9];
+       rrp->len = ptr[10]*256+ptr[11];
        ptr += 12;
        remain -= 12;
        if (remain < rrp->len)
--- nstx-1.1-beta6.orig/nstx_encode.c
+++ nstx-1.1-beta6/nstx_encode.c
@@ -30,11 +30,11 @@
 
 void init_revmap (void)
 {
-   int i;
+   unsigned int i;
    
    revmap = malloc(256);
    
-   for (i = 0; i < strlen(map); i++)
+   for (i = 0; i < strlen((char*)map); i++)
      revmap[map[i]] = i;
 }
    
@@ -70,11 +70,11 @@
    if (!revmap)
      init_revmap();
    
-   len = strlen(data)-1;
-   
+   len = strlen((char*)data);
+
    buf = realloc(buf, ((len+3)/4)*3);
    
-   while (off < len) {
+   while (off+3 < len) {
       buf[i+0] = (revmap[data[off]]<<2)|((revmap[data[off+1]]&48)>>4);
       buf[i+1] = ((revmap[data[off+1]]&15)<<4)|((revmap[data[off+2]]&60)>>2);
       buf[i+2] = ((revmap[data[off+2]]&3)<<6)|(revmap[data[off+3]]);
--- nstx-1.1-beta6.orig/nstx_pstack.c
+++ nstx-1.1-beta6/nstx_pstack.c
@@ -49,7 +49,7 @@
    char *netpacket;
    int netpacketlen;
    
-   if ((!ptr) || len < sizeof(struct nstxhdr))
+   if ((!ptr) || (signed int) len < (signed int) sizeof(struct nstxhdr))
      return;
 
    if (!nstxpkt->id)
--- nstx-1.1-beta6.orig/nstx_tuntap.c
+++ nstx-1.1-beta6/nstx_tuntap.c
@@ -215,7 +215,7 @@
 
 struct nstxmsg *nstx_select (int timeout)
 {
-   int peerlen;
+   unsigned peerlen;
    fd_set set;
    struct timeval tv;
    static struct nstxmsg *ret = NULL;
--- nstx-1.1-beta6.orig/nstxcd.c
+++ nstx-1.1-beta6/nstxcd.c
@@ -63,7 +63,7 @@
 int main (int argc, char * argv[]) {
   struct nstxmsg *msg;
   const char   *device = NULL;
-  char          ch;
+  int           ch;
 
   nsid = time(NULL);
  
@@ -110,11 +110,11 @@
    const char *data;
    int datalen;
    
-   pkt = dns_extractpkt (reply, len);
+   pkt = dns_extractpkt ((unsigned char*)reply, len);
    if (!pkt)
      return;
    while ((data = dns_getanswerdata(pkt, &datalen))) {
-      data = txt2data(data, &datalen);
+      data = (char*)txt2data((unsigned char*)data, &datalen);
       nstx_handlepacket (data, datalen, &sendtun);
    }
    dequeueitem(pkt->id);
@@ -159,9 +159,9 @@
     data += l;
     datalen -= l;
     
-    dns_addquery(pkt, dns_data2fqdn(nstx_encode(p, sizeof(nh)+l)));
+    dns_addquery(pkt, dns_data2fqdn(nstx_encode((unsigned char*)p, sizeof(nh)+l)));
     free(p);
-    p = dns_constructpacket(pkt, &l);
+    p = (char*)dns_constructpacket(pkt, &l);
     sendns(p, l, NULL);
     free(p);
 
--- nstx-1.1-beta6.orig/nstxd.c
+++ nstx-1.1-beta6/nstxd.c
@@ -67,7 +67,7 @@
 }
 
 int main (int argc, char *argv[]) {
-   char                 ch;
+   signed char  ch;
    const char  *device = NULL, *dir = NULL;
    in_addr_t    bindto = INADDR_ANY;
    uid_t        uid = 0;
@@ -172,7 +172,7 @@
    dns_setid(pkt, q->id);
    dns_settype(pkt, DNS_RESPONSE);
    dns_addanswer(pkt, "\xb4\x00\x00\x00", 4, dns_addquery(pkt, q->name));
-   buf = dns_constructpacket (pkt, &len);
+   buf = (char*)dns_constructpacket (pkt, &len);
    sendns(buf, len, &q->peer);
    free(buf);
 }  
@@ -188,7 +188,7 @@
    
    if (msg) {
      if (msg->src == FROMNS) {
-       pkt = dns_extractpkt(msg->data, msg->len);
+       pkt = dns_extractpkt((unsigned char*)msg->data, msg->len);
        if (pkt)
          {
             name = dns_getquerydata(pkt);
@@ -198,7 +198,7 @@
                        name);
                  queueitem(pkt->id, name, &msg->peer);
                  if ((data = dns_fqdn2data(name)) &&
-                     (buf = nstx_decode(data, &len)))
+                     (buf = nstx_decode((unsigned char*)data, &len)))
                    {
                       nstx_handlepacket(buf, len, &sendtun);
                    }
@@ -220,7 +220,7 @@
       len = dns_getfreespace(pkt, DNS_RESPONSE);
       buf = dequeue_senditem(&len);
       dns_addanswer(pkt, buf, len, link);
-      buf = dns_constructpacket(pkt, &len);
+      buf = (char*)dns_constructpacket(pkt, &len);
       sendns(buf, len, &qitem->peer);
    }
    timeoutqueue(do_timeout);
--- nstx-1.1-beta6.orig/debian/nstx.postinst
+++ nstx-1.1-beta6/debian/nstx.postinst
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+set -e
+
+case "$1" in
+    configure)
+       adduser --quiet --system --home /var/run/nstxd nstxd
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+#DEBHELPER#
+
--- nstx-1.1-beta6.orig/debian/changelog
+++ nstx-1.1-beta6/debian/changelog
@@ -0,0 +1,102 @@
+nstx (1.1-beta6-4) unstable; urgency=low
+
+  * Fix segfault triggered by normal DNS traffic (closes: #345159)
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Wed, 18 Jan 2006 21:10:26 +0000
+
+nstx (1.1-beta6-3) unstable; urgency=low
+
+  * Apply patch to fix crashes when looking up the tunnel domain
+    (closes: #307489)
+  * Allow the tunnel being brought up to be configured (closes: #334073)
+  * Attempt to automatically grab a DNS server (closes: #307769)
+  * Add NSTX_IFACE string in /etc/default/nstx to allow binding to a 
+    specific interface on nstxd startup (closes: #299435)
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Mon, 12 Dec 2005 19:28:09 +0000
+
+nstx (1.1-beta6-2.1) unstable; urgency=high
+
+  * Non-maintainer upload.
+  * nstxcd.c: changed the variable ch to be an int instead of a char, since
+    that is what it must be when it gets the return value from getopt.
+    Closes: #306265 (which is release critical, hence a high severity).
+
+ -- Lars Wirzenius <liw@iki.fi>  Thu, 28 Apr 2005 19:39:00 +0300
+
+nstx (1.1-beta6-2) unstable; urgency=low
+
+  * don't cast things to signed chars if you want numbers greater than 128
+    (closes: #302874)
+  * fix FTBFS with gcc 4.0 (thanks to Andreas Jochens for the patch)
+    (closes: #300878)
+  * don't assume chars are signed
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Sun,  3 Apr 2005 16:36:20 +0100
+
+nstx (1.1-beta6-1) unstable; urgency=high
+
+  * new upstream release
+  * allow binding to a specific interface (closes: #272850)
+  * major stability improvements, upgrade recommended
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Mon,  7 Mar 2005 01:52:10 +0000
+
+nstx (1.1-beta5-6) unstable; urgency=high
+
+  * initialise variables that are going to be used (closes: #277293)
+  * compile with -W, fix up signed/unsigned comparisons (closes: #277296)
+  * fix restart bug in nstxd init script (closes: #277319)
+  * add a length check to nstx_decode, so we don't try to decode packets
+    that are too short (closes: #277334)
+  * bump the debhelper build-depends to reflect the requirement for --name
+    in dh_installinit (closes: #277295)
+       
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Tue, 19 Oct 2004 23:13:05 +0100
+       
+nstx (1.1-beta5-5) unstable; urgency=high
+
+  * Make sure that packet length is compared against a signed int, rather
+    than an unsigned size_t. I haven't managed to track down what causes
+    this in the first place, but nstxd sessions seem to crash with
+    moderate regularity even when they're not being used. At a guess there's
+    some sort of DNS probing going on that upsets it (closes: #259079)
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Mon, 17 Aug 2004 18:20:05 +0100
+       
+nstx (1.1-beta5-4) unstable; urgency=low       
+
+  * Depend on adduser (closes: #263334)
+       
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Mon, 19 Jul 2004 16:38:44 +0100
+       
+nstx (1.1-beta5-3) unstable; urgency=low
+
+  * Generate an unprivileged user. chroot and drop privileges on daemon
+    startup. 
+  * Revert nstxcd code to 1.1-beta 4 - working with bind seems preferable
+    to working with djbdns (closes: #259057)
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Mon, 19 Jul 2004 16:38:44 +0100
+       
+nstx (1.1-beta5-2) unstable; urgency=low
+
+  * ifdown tun0 on stop
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Sat, 10 Jul 2004 19:11:33 +0100
+       
+nstx (1.1-beta5-1) unstable; urgency=low
+       
+  * New upstream version
+  * Compile with -O2 (Closes: #255143)
+  * Don't claim to have failed when startup is disabled
+  * Fix segfault on zero-length queries
+       
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Sat, 10 Jul 2004 18:37:43 +0100
+       
+nstx (1.1-beta4-1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>  Thu, 27 May 2004 16:41:12 +0100
+
--- nstx-1.1-beta6.orig/debian/compat
+++ nstx-1.1-beta6/debian/compat
@@ -0,0 +1 @@
+4
--- nstx-1.1-beta6.orig/debian/dirs
+++ nstx-1.1-beta6/debian/dirs
@@ -0,0 +1,2 @@
+usr/bin
+usr/sbin
--- nstx-1.1-beta6.orig/debian/nstx.nstxd.init
+++ nstx-1.1-beta6/debian/nstx.nstxd.init
@@ -0,0 +1,108 @@
+#! /bin/sh
+#
+# /etc/init.d/nstxd: start and stop the nstx IP over DNS daemon
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nstxd
+NAME=nstxd
+DESC=nstxd
+NSTX_OPTIONS="-C /var/run/nstxd -u nstxd"
+
+test -x $DAEMON || exit 0
+
+# Include nstx defaults if available
+if [ -f /etc/default/nstx ] ; then
+       . /etc/default/nstx
+fi
+
+set -e
+
+check_start_nstxd_option() {
+    if [ ! "$start_nstxd" = "yes" ]; then
+       echo "Not starting nstx daemon, disabled via /etc/default/nstx"
+       return 1
+    else
+       return 0
+    fi
+}
+
+
+case "$1" in
+  start)
+  if check_start_nstxd_option; then
+       echo -n "Starting $DESC: "
+       if [ -n "$NSTX_IFACE" ]; then
+               OPTIONS="-i $NSTX_IFACE $NSTX_OPTIONS $NSTX_DOMAIN"
+       else
+               OPTIONS="$NSTX_OPTIONS $NSTX_DOMAIN"
+       fi
+       start-stop-daemon --start -b -m --quiet --pidfile /var/run/$NAME.pid \
+               --exec $DAEMON -- $OPTIONS 
+       sleep 1;
+       if [ -n "$ifup_tun" ]; then
+           ifup "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifup tun0
+       fi
+       echo "$NAME."
+  else
+      RET=1
+  fi
+       ;;
+  stop)
+       echo -n "Stopping $DESC: "
+       if [ -n "$ifup_tun" ]; then
+           ifdown "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifdown tun0
+       fi
+       start-stop-daemon --stop --quiet -m -o --pidfile /var/run/$NAME.pid \
+               --exec $DAEMON
+       echo "$NAME."
+       ;;
+  restart|force-reload)
+       #
+       #       If the "reload" option is implemented, move the "force-reload"
+       #       option to the "reload" entry above. If not, "force-reload" is
+       #       just the same as "restart".
+       #
+       echo -n "Restarting $DESC: "
+       if [ -n "$ifup_tun" ]; then
+           ifdown "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifdown tun0
+       fi
+       start-stop-daemon --stop -m -o --quiet --pidfile \
+               /var/run/$NAME.pid --exec $DAEMON
+       sleep 1
+       if check_start_nstxd_option; then
+           start-stop-daemon --start -b -m --quiet --pidfile \
+               /var/run/$NAME.pid --exec $DAEMON -- $NSTX_OPTIONS $NSTX_DOMAIN
+           sleep 1;
+            if [ -n "$ifup_tun" ]; then
+                ifup "$ifup_tun"
+            fi
+            # for backward compatibility
+           if [ "$ifup_tun0" = "yes" ]; then
+               ifup tun0
+           fi
+           echo "$NAME."
+       else
+           RET=1
+       fi
+       ;;
+  *)
+       N=/etc/init.d/$NAME
+       # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+       echo "Usage: $N {start|stop|restart|force-reload}" >&2
+       exit 1
+       ;;
+esac
+
+exit 0
--- nstx-1.1-beta6.orig/debian/nstx.nstxcd.init
+++ nstx-1.1-beta6/debian/nstx.nstxcd.init
@@ -0,0 +1,102 @@
+#! /bin/sh
+#
+# /etc/init.d/nstxcd: start and stop the nstx IP over DNS client
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/nstxcd
+NAME=nstxcd
+DESC=nstxcd
+
+test -x $DAEMON || exit 0
+
+# Include nstx defaults if available
+if [ -f /etc/default/nstx ] ; then
+       . /etc/default/nstx
+fi
+
+set -e
+
+check_start_nstxcd_option() {
+    if [ ! "$start_nstxcd" = "yes" ]; then
+       echo "Not starting nstx client, disabled via /etc/default/nstx"
+       return 1
+    else
+       return 0
+    fi
+}
+
+
+case "$1" in
+  start)
+  if check_start_nstxcd_option; then
+       echo -n "Starting $DESC: "
+       start-stop-daemon --start -b -m --quiet --pidfile /var/run/$NAME.pid \
+               --exec $DAEMON -- $NSTX_DOMAIN $NSTX_DNS_SERVER
+       sleep 1;
+       if [ -n "$ifup_tun" ]; then
+           ifup "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifup tun0
+       fi
+       echo "$NAME."
+  else
+      RET=1
+  fi
+       ;;
+  stop)
+       echo -n "Stopping $DESC: "
+       if [ -n "$ifup_tun" ]; then
+           ifdown "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifdown tun0
+       fi
+       start-stop-daemon --stop -m -o --quiet --pidfile /var/run/$NAME.pid \
+               --exec $DAEMON
+       echo "$NAME."
+       ;;
+  restart|force-reload)
+       #
+       #       If the "reload" option is implemented, move the "force-reload"
+       #       option to the "reload" entry above. If not, "force-reload" is
+       #       just the same as "restart".
+       #
+       echo -n "Restarting $DESC: "
+       if [ -n "$ifup_tun" ]; then
+           ifdown "$ifup_tun"
+       fi
+       # for backward compatibility
+       if [ "$ifup_tun0" = "yes" ]; then
+           ifdown tun0
+       fi
+       start-stop-daemon --stop -m -o --quiet --pidfile \
+               /var/run/$NAME.pid --exec $DAEMON
+       sleep 1
+       if check_start_nstxcd_option; then
+           start-stop-daemon --start -b -m --quiet --pidfile \
+               /var/run/$NAME.pid --exec $DAEMON -- $NSTX_DOMAIN $NSTX_DNS_SERVER
+           sleep 1;
+            if [ -n "$ifup_tun" ]; then
+                ifup "$ifup_tun"
+            fi
+            # for backward compatibility
+           if [ "$ifup_tun0" = "yes" ]; then
+               ifup tun0
+           fi
+           echo "$NAME."
+       else
+           RET=1
+       fi
+       ;;
+  *)
+       N=/etc/init.d/$NAME
+       # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
+       echo "Usage: $N {start|stop|restart|force-reload}" >&2
+       exit 1
+       ;;
+esac
+
+exit 0
--- nstx-1.1-beta6.orig/debian/control
+++ nstx-1.1-beta6/debian/control
@@ -0,0 +1,13 @@
+Source: nstx
+Section: net
+Priority: optional
+Maintainer: Matthew Garrett <mjg59@srcf.ucam.org>
+Build-Depends: debhelper (>= 4.1.68)
+Standards-Version: 3.6.0
+
+Package: nstx
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
+Description: Tunnel IP over DNS
+ nstx allows you to pass IP packets via DNS queries. This allows you to use
+ standard network protocols when otherwise only DNS would be available.
--- nstx-1.1-beta6.orig/debian/rules
+++ nstx-1.1-beta6/debian/rules
@@ -0,0 +1,100 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# GNU copyright 1997 to 1999 by Joey Hess.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+
+
+
+CFLAGS = -Wall -g
+
+ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS)))
+       CFLAGS += -O0
+else
+       CFLAGS += -O2
+endif
+ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS)))
+       INSTALL_PROGRAM += -s
+endif
+
+configure: configure-stamp
+configure-stamp:
+       dh_testdir
+       # Add here commands to configure the package.
+
+       touch configure-stamp
+
+
+build: build-stamp
+
+build-stamp: configure-stamp 
+       dh_testdir
+
+       # Add here commands to compile the package.
+       $(MAKE)
+       #/usr/bin/docbook-to-man debian/nstx.sgml > nstx.1
+
+       touch build-stamp
+
+clean:
+       dh_testdir
+       dh_testroot
+       rm -f build-stamp configure-stamp
+
+       # Add here commands to clean up after the build process.
+       -$(MAKE) clean
+
+       dh_clean 
+
+install: build
+       dh_testdir
+       dh_testroot
+       dh_clean -k 
+       dh_installdirs
+
+       # Add here commands to install the package into debian/nstx.
+       install nstxd -D $(CURDIR)/debian/nstx/usr/sbin/nstxd
+       install nstxcd -D $(CURDIR)/debian/nstx/usr/sbin/nstxcd
+
+# Build architecture-independent files here.
+binary-indep: build install
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: build install
+       dh_testdir
+       dh_testroot
+       dh_installchangelogs Changelog
+       dh_installdocs
+       dh_installexamples
+#      dh_install
+#      dh_installmenu
+#      dh_installdebconf       
+#      dh_installlogrotate
+#      dh_installemacsen
+#      dh_installpam
+#      dh_installmime
+       dh_installinit
+       dh_installinit --name=nstxd
+       dh_installinit --name=nstxcd
+#      dh_installcron
+#      dh_installinfo
+       dh_installman
+       dh_link
+       dh_strip
+       dh_compress
+       dh_fixperms
+#      dh_perl
+#      dh_python
+#      dh_makeshlibs
+       dh_installdeb
+       dh_shlibdeps
+       dh_gencontrol
+       dh_md5sums
+       dh_builddeb
+
+binary: binary-indep binary-arch
+.PHONY: build clean binary-indep binary-arch binary install configure
--- nstx-1.1-beta6.orig/debian/nstx.manpages
+++ nstx-1.1-beta6/debian/nstx.manpages
@@ -0,0 +1,2 @@
+nstxd.8
+nstxcd.8
--- nstx-1.1-beta6.orig/debian/README.Debian
+++ nstx-1.1-beta6/debian/README.Debian
@@ -0,0 +1,43 @@
+nstx for Debian
+---------------
+
+This package requires the tun driver to be loaded. As a result, you need
+CONFIG_TUN to be either y or m in your kernel configuration. In order to
+start things automatically, you need to configure /etc/default/nstx
+
+Security note
+-------------
+
+nstx includes no authentication. Anyone who knows the name of your tunnel
+domain will be able to connect to the daemon.
+
+djbdns
+------
+
+nstx will allegedly not work with a djbdns server. If you want to try
+it, the following patch should make it work:
+
+--- nstx_dns.old.c     2004-08-17 18:13:26.000000000 +0100
++++ nstx_dns.c 2004-08-17 18:13:12.000000000 +0100
+@@ -598,9 +598,8 @@
+            if (j < i)
+              rrp->link = j;
+         }
+-      //      ptr = _skip_lbl(ptr, &remain);
+-      //      rrp->len = ptr[8]*256+ptr[9];
+-        rrp->len = ptr[10]*256+ptr[11];
++      ptr = _skip_lbl(ptr, &remain);
++      rrp->len = ptr[8]*256+ptr[9];
+       ptr += 12;
+       remain -= 12;
+       if (remain < rrp->len)
+
+It's not included by default because it appears to break the nstx
+client with bind9 servers. To apply it:
+
+apt-get source nstx
+cd nstx-*
+patch <debian/README.Debian
+dpkg-buildpackage -rfakeroot
+
+ -- Matthew Garrett <mjg59@srcf.ucam.org>, Thu, 27 May 2004 16:41:12 +0100
--- nstx-1.1-beta6.orig/debian/nstx.default
+++ nstx-1.1-beta6/debian/nstx.default
@@ -0,0 +1,25 @@
+# Defaults for nstx initscript
+# sourced by /etc/init.d/nstx
+# installed at /etc/default/nstx by the maintainer scripts
+
+#
+# This is a POSIX shell fragment
+#
+
+# The name of the domain for the tunnel - needed for client and server
+NSTX_DOMAIN=""
+
+# The IP address of the DNS server - needed for client only
+NSTX_DNS_SERVER=`grep nameserver /etc/resolv.conf |head -1|awk '{print $2}'`
+
+# uncomment to start nstxd on system startup
+#start_nstxd=yes
+
+# uncomment to start nstxcd on system startup
+#start_nstxcd=yes
+
+# uncomment to bring up tun0 automatically
+#ifup_tun=tun0
+
+# uncomment to tell nstx to bind to a specific interface
+#NSTX_IFACE="1.2.3.4"
--- nstx-1.1-beta6.orig/debian/copyright
+++ nstx-1.1-beta6/debian/copyright
@@ -0,0 +1,18 @@
+This package was debianized by Matthew Garrett <mjg59@srcf.ucam.org> on
+Thu, 27 May 2004 16:41:12 +0100.
+
+It was downloaded from http://nstx.dereference.de/nstx/
+
+Upstream Authors: 
+
+Florian Heinz <sky@sysv.de>
+Julien Oster <frodo@sysv.de>
+
+
+Copyright:
+
+nstx is released under the terms of the GNU General Public License version 2
+ 
+On Debian systems, the complete text of the GNU General Public
+License can be found in the file '/usr/share/common-licenses/GPL'
+
--- nstx-1.1-beta6.orig/debian/docs
+++ nstx-1.1-beta6/debian/docs
@@ -0,0 +1 @@
+README
--- nstx-1.1-beta6.orig/nstxcd.8
+++ nstx-1.1-beta6/nstxcd.8
@@ -0,0 +1,36 @@
+.TH NSTXCD "8" "May 2004" "nstx 1.1-beta4" "User Commands"
+.SH NAME
+nstxcd \- IP over DNS tunneling client
+
+.SH SYNOPSIS
+.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR"
+
+.SH DESCRIPTION
+.B nstxcd
+tunnels IP packets over DNS, allowing them to be sent to a server without
+any protocols other than DNS being used.
+
+.SH OPTIONS
+.B nstxcd
+takes the following options:
+.IP "domain"
+The domain that nstxcd will send requests to. This domain must be delegated
+to a machine that is running nstxd.
+.IP "IP address"
+The IP address of a DNS server that can be reached from the current machine.
+
+.SH USAGE
+.Bnstxcd
+should be run against a domain that has been delegated to a machine running
+nstxd. It will then take any packets that are sent to the tun0 interface and
+send them over DNS to the other tunnel endpoint. Responses will appear on 
+the tun0 interface.
+
+.SH AUTHORS
+
+.IP 
+Florian Heinz <sky@sysv.de>
+.IP 
+Julien Oster <frodo@sysv.de>
+.IP 
+http://nstx.dereference.de/nstx/
--- nstx-1.1-beta6.orig/nstxd.8
+++ nstx-1.1-beta6/nstxd.8
@@ -0,0 +1,47 @@
+.TH NSTXD "7" "Mar 2005" "nstx 1.1-beta6" "User Commands"
+.SH NAME
+nstxd \- IP over DNS tunneling daemon
+
+.SH SYNOPSIS
+.B "nstxd \fIOPTION\fR \fIDOMAIN\fR"
+
+.SH DESCRIPTION
+.B nstxd
+listens for well formed DNS requests and translates them into IP packets.
+Responses are sent in the form of DNS replies. This allows clients to
+tunnel IP packets over the DNS protocol.
+
+.SH OPTIONS
+.B nstxd
+takes the following option:
+.IP \-d tun-device
+Use this tun device instead of tun0
+.IP \-i ipaddr
+Bind to this IP address rather than every available address
+.IP \-C dir
+Chroot to this directory on startup
+.IP \-D
+Daemonize on startup
+.IP \-g
+Switch on debug messages
+.IP \-u user
+Run as the following user
+.IP "domain"
+The domain that nstxd will listen to requests for. This should be a domain
+that is delegated to the machine running nstxd.
+
+.SH USAGE
+A domain should be delegated to the machine that will run nstxd. nstxd should
+then be run giving that domain as the only argument. nstxd will then listen
+for requests and translate them into IP packets that will appear on the tun0
+interface. Packets sent to the tun0 interface will be transferred back to
+the client as DNS answers.
+
+.SH AUTHORS
+
+.IP 
+Florian Heinz <sky@sysv.de>
+.IP 
+Julien Oster <frodo@sysv.de>
+.IP 
+http://nstx.dereference.de/nstx/