--- nstx-1.1-beta6.orig/Makefile +++ nstx-1.1-beta6/Makefile @@ -1,4 +1,4 @@ -CFLAGS += -ggdb -Wall -Werror +CFLAGS += -ggdb -Wall -Werror -Wsign-compare NSTXD_SRCS = nstxd.c nstx_encode.c nstx_pstack.c nstx_dns.c nstx_tuntap.c nstx_queue.c NSTXD_OBJS = ${NSTXD_SRCS:.c=.o} --- nstx-1.1-beta6.orig/nstx_dns.c +++ nstx-1.1-beta6/nstx_dns.c @@ -6,6 +6,7 @@ #include #include #include +#include #include "nstxfun.h" #include "nstxdns.h" @@ -58,7 +59,7 @@ * DNS-packet 'msg'. */ static char * -decompress_label(const char *msg, int msglen, const char *lbl) +decompress_label(const char *msg, unsigned int msglen, const char *lbl) { const char *ptr = lbl; char *buf; @@ -69,7 +70,7 @@ while ((chunklen = *ptr)) { if (chunklen > 63) { - if ((ptr-msg) >= (msglen-1)) { + if ((ptr-msg) >= ((signed int)msglen-1)) { DEBUG("Bad pointer at end of msg"); if (buf) free(buf); @@ -104,13 +105,15 @@ ptr += chunklen + 1; } } - buf[buflen] = 0; - buflen++; + if (buf) { + buf[buflen] = 0; + buflen++; + } return buf; } static const unsigned char * -_cstringify(const unsigned char *data, int *dlen, int clen) +_cstringify(const unsigned char *data, int *dlen, unsigned int clen) { static unsigned char *buf; @@ -143,7 +146,7 @@ { int len; - len = strlen(data); + len = strlen((char*)data); return _cstringify(data, &len, 63); } @@ -183,24 +186,24 @@ static const unsigned char * lbl2data (const unsigned char *data, size_t len) { - static unsigned char *buf; - + static signed char *buf = NULL; const unsigned char *s = data; - unsigned char *d; - unsigned int llen; + signed char *d; + signed int llen; d = buf = realloc(buf, len); + assert(d); do { llen = *s++; - if ((llen > 63) || (llen > len - (s - data))) - return NULL; + if ((llen > 63) || (llen > (signed int)(len - (s - data)))) + break; memcpy(d, s, llen); s += llen; d += llen; } while (llen); *d = '\0'; - return buf; + return (const unsigned char*)buf; } /* New DNS-Code */ @@ -318,7 +321,7 @@ const char *ptr; static char *fqdn; - ptr = data2lbl(data); + ptr = (char*)data2lbl((unsigned char*)data); fqdn = realloc(fqdn, strlen(ptr)+strlen(suffix)+1); strcpy(fqdn, ptr); strcat(fqdn, suffix); @@ -336,8 +339,9 @@ free(buf); off = strstr(fqdn, suffix); - if (off) - buf = strdup(lbl2data(fqdn, off - fqdn)); + /* only parse if the fqdn was found, and there is more than the fqdn */ + if (off && off != fqdn) + buf = strdup((char*)lbl2data((unsigned char*)fqdn, off - fqdn)); else /* Our suffix not found... */ buf = NULL; @@ -364,7 +368,7 @@ const char *ptr; char *buf; - ptr = data2txt(data, &len); + ptr = (char*)data2txt((unsigned char*)data, &len); buf = malloc(len); memcpy(buf, ptr, len); @@ -477,7 +481,7 @@ { offsets[i++] = ptr - buf; rrp = _new_listitem(&pkt->query); - rrp->data = decompress_label(buf, len, ptr); + rrp->data = decompress_label((char*)buf, len, (char*)ptr); if (!rrp->data) { syslog(LOG_ERR, "dns_extractpkt: decompress_label choked in qd\n"); @@ -517,8 +521,9 @@ if (j < i) rrp->link = j; } - ptr = _skip_lbl(ptr, &remain); - rrp->len = ptr[8]*256+ptr[9]; + // ptr = _skip_lbl(ptr, &remain); + // rrp->len = ptr[8]*256+ptr[9]; + rrp->len = ptr[10]*256+ptr[11]; ptr += 12; remain -= 12; if (remain < rrp->len) --- nstx-1.1-beta6.orig/nstx_encode.c +++ nstx-1.1-beta6/nstx_encode.c @@ -30,11 +30,11 @@ void init_revmap (void) { - int i; + unsigned int i; revmap = malloc(256); - for (i = 0; i < strlen(map); i++) + for (i = 0; i < strlen((char*)map); i++) revmap[map[i]] = i; } @@ -70,11 +70,11 @@ if (!revmap) init_revmap(); - len = strlen(data)-1; - + len = strlen((char*)data); + buf = realloc(buf, ((len+3)/4)*3); - while (off < len) { + while (off+3 < len) { buf[i+0] = (revmap[data[off]]<<2)|((revmap[data[off+1]]&48)>>4); buf[i+1] = ((revmap[data[off+1]]&15)<<4)|((revmap[data[off+2]]&60)>>2); buf[i+2] = ((revmap[data[off+2]]&3)<<6)|(revmap[data[off+3]]); --- nstx-1.1-beta6.orig/nstx_pstack.c +++ nstx-1.1-beta6/nstx_pstack.c @@ -49,7 +49,7 @@ char *netpacket; int netpacketlen; - if ((!ptr) || len < sizeof(struct nstxhdr)) + if ((!ptr) || (signed int) len < (signed int) sizeof(struct nstxhdr)) return; if (!nstxpkt->id) --- nstx-1.1-beta6.orig/nstx_tuntap.c +++ nstx-1.1-beta6/nstx_tuntap.c @@ -215,7 +215,7 @@ struct nstxmsg *nstx_select (int timeout) { - int peerlen; + unsigned peerlen; fd_set set; struct timeval tv; static struct nstxmsg *ret = NULL; --- nstx-1.1-beta6.orig/nstxcd.c +++ nstx-1.1-beta6/nstxcd.c @@ -63,7 +63,7 @@ int main (int argc, char * argv[]) { struct nstxmsg *msg; const char *device = NULL; - char ch; + int ch; nsid = time(NULL); @@ -110,11 +110,11 @@ const char *data; int datalen; - pkt = dns_extractpkt (reply, len); + pkt = dns_extractpkt ((unsigned char*)reply, len); if (!pkt) return; while ((data = dns_getanswerdata(pkt, &datalen))) { - data = txt2data(data, &datalen); + data = (char*)txt2data((unsigned char*)data, &datalen); nstx_handlepacket (data, datalen, &sendtun); } dequeueitem(pkt->id); @@ -159,9 +159,9 @@ data += l; datalen -= l; - dns_addquery(pkt, dns_data2fqdn(nstx_encode(p, sizeof(nh)+l))); + dns_addquery(pkt, dns_data2fqdn(nstx_encode((unsigned char*)p, sizeof(nh)+l))); free(p); - p = dns_constructpacket(pkt, &l); + p = (char*)dns_constructpacket(pkt, &l); sendns(p, l, NULL); free(p); --- nstx-1.1-beta6.orig/nstxd.c +++ nstx-1.1-beta6/nstxd.c @@ -67,7 +67,7 @@ } int main (int argc, char *argv[]) { - char ch; + signed char ch; const char *device = NULL, *dir = NULL; in_addr_t bindto = INADDR_ANY; uid_t uid = 0; @@ -172,7 +172,7 @@ dns_setid(pkt, q->id); dns_settype(pkt, DNS_RESPONSE); dns_addanswer(pkt, "\xb4\x00\x00\x00", 4, dns_addquery(pkt, q->name)); - buf = dns_constructpacket (pkt, &len); + buf = (char*)dns_constructpacket (pkt, &len); sendns(buf, len, &q->peer); free(buf); } @@ -188,7 +188,7 @@ if (msg) { if (msg->src == FROMNS) { - pkt = dns_extractpkt(msg->data, msg->len); + pkt = dns_extractpkt((unsigned char*)msg->data, msg->len); if (pkt) { name = dns_getquerydata(pkt); @@ -198,7 +198,7 @@ name); queueitem(pkt->id, name, &msg->peer); if ((data = dns_fqdn2data(name)) && - (buf = nstx_decode(data, &len))) + (buf = nstx_decode((unsigned char*)data, &len))) { nstx_handlepacket(buf, len, &sendtun); } @@ -220,7 +220,7 @@ len = dns_getfreespace(pkt, DNS_RESPONSE); buf = dequeue_senditem(&len); dns_addanswer(pkt, buf, len, link); - buf = dns_constructpacket(pkt, &len); + buf = (char*)dns_constructpacket(pkt, &len); sendns(buf, len, &qitem->peer); } timeoutqueue(do_timeout); --- nstx-1.1-beta6.orig/debian/nstx.postinst +++ nstx-1.1-beta6/debian/nstx.postinst @@ -0,0 +1,21 @@ +#!/bin/sh + +set -e + +case "$1" in + configure) + adduser --quiet --system --home /var/run/nstxd nstxd + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + --- nstx-1.1-beta6.orig/debian/changelog +++ nstx-1.1-beta6/debian/changelog @@ -0,0 +1,102 @@ +nstx (1.1-beta6-4) unstable; urgency=low + + * Fix segfault triggered by normal DNS traffic (closes: #345159) + + -- Matthew Garrett Wed, 18 Jan 2006 21:10:26 +0000 + +nstx (1.1-beta6-3) unstable; urgency=low + + * Apply patch to fix crashes when looking up the tunnel domain + (closes: #307489) + * Allow the tunnel being brought up to be configured (closes: #334073) + * Attempt to automatically grab a DNS server (closes: #307769) + * Add NSTX_IFACE string in /etc/default/nstx to allow binding to a + specific interface on nstxd startup (closes: #299435) + + -- Matthew Garrett Mon, 12 Dec 2005 19:28:09 +0000 + +nstx (1.1-beta6-2.1) unstable; urgency=high + + * Non-maintainer upload. + * nstxcd.c: changed the variable ch to be an int instead of a char, since + that is what it must be when it gets the return value from getopt. + Closes: #306265 (which is release critical, hence a high severity). + + -- Lars Wirzenius Thu, 28 Apr 2005 19:39:00 +0300 + +nstx (1.1-beta6-2) unstable; urgency=low + + * don't cast things to signed chars if you want numbers greater than 128 + (closes: #302874) + * fix FTBFS with gcc 4.0 (thanks to Andreas Jochens for the patch) + (closes: #300878) + * don't assume chars are signed + + -- Matthew Garrett Sun, 3 Apr 2005 16:36:20 +0100 + +nstx (1.1-beta6-1) unstable; urgency=high + + * new upstream release + * allow binding to a specific interface (closes: #272850) + * major stability improvements, upgrade recommended + + -- Matthew Garrett Mon, 7 Mar 2005 01:52:10 +0000 + +nstx (1.1-beta5-6) unstable; urgency=high + + * initialise variables that are going to be used (closes: #277293) + * compile with -W, fix up signed/unsigned comparisons (closes: #277296) + * fix restart bug in nstxd init script (closes: #277319) + * add a length check to nstx_decode, so we don't try to decode packets + that are too short (closes: #277334) + * bump the debhelper build-depends to reflect the requirement for --name + in dh_installinit (closes: #277295) + + -- Matthew Garrett Tue, 19 Oct 2004 23:13:05 +0100 + +nstx (1.1-beta5-5) unstable; urgency=high + + * Make sure that packet length is compared against a signed int, rather + than an unsigned size_t. I haven't managed to track down what causes + this in the first place, but nstxd sessions seem to crash with + moderate regularity even when they're not being used. At a guess there's + some sort of DNS probing going on that upsets it (closes: #259079) + + -- Matthew Garrett Mon, 17 Aug 2004 18:20:05 +0100 + +nstx (1.1-beta5-4) unstable; urgency=low + + * Depend on adduser (closes: #263334) + + -- Matthew Garrett Mon, 19 Jul 2004 16:38:44 +0100 + +nstx (1.1-beta5-3) unstable; urgency=low + + * Generate an unprivileged user. chroot and drop privileges on daemon + startup. + * Revert nstxcd code to 1.1-beta 4 - working with bind seems preferable + to working with djbdns (closes: #259057) + + -- Matthew Garrett Mon, 19 Jul 2004 16:38:44 +0100 + +nstx (1.1-beta5-2) unstable; urgency=low + + * ifdown tun0 on stop + + -- Matthew Garrett Sat, 10 Jul 2004 19:11:33 +0100 + +nstx (1.1-beta5-1) unstable; urgency=low + + * New upstream version + * Compile with -O2 (Closes: #255143) + * Don't claim to have failed when startup is disabled + * Fix segfault on zero-length queries + + -- Matthew Garrett Sat, 10 Jul 2004 18:37:43 +0100 + +nstx (1.1-beta4-1) unstable; urgency=low + + * Initial Release. + + -- Matthew Garrett Thu, 27 May 2004 16:41:12 +0100 + --- nstx-1.1-beta6.orig/debian/compat +++ nstx-1.1-beta6/debian/compat @@ -0,0 +1 @@ +4 --- nstx-1.1-beta6.orig/debian/dirs +++ nstx-1.1-beta6/debian/dirs @@ -0,0 +1,2 @@ +usr/bin +usr/sbin --- nstx-1.1-beta6.orig/debian/nstx.nstxd.init +++ nstx-1.1-beta6/debian/nstx.nstxd.init @@ -0,0 +1,108 @@ +#! /bin/sh +# +# /etc/init.d/nstxd: start and stop the nstx IP over DNS daemon + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nstxd +NAME=nstxd +DESC=nstxd +NSTX_OPTIONS="-C /var/run/nstxd -u nstxd" + +test -x $DAEMON || exit 0 + +# Include nstx defaults if available +if [ -f /etc/default/nstx ] ; then + . /etc/default/nstx +fi + +set -e + +check_start_nstxd_option() { + if [ ! "$start_nstxd" = "yes" ]; then + echo "Not starting nstx daemon, disabled via /etc/default/nstx" + return 1 + else + return 0 + fi +} + + +case "$1" in + start) + if check_start_nstxd_option; then + echo -n "Starting $DESC: " + if [ -n "$NSTX_IFACE" ]; then + OPTIONS="-i $NSTX_IFACE $NSTX_OPTIONS $NSTX_DOMAIN" + else + OPTIONS="$NSTX_OPTIONS $NSTX_DOMAIN" + fi + start-stop-daemon --start -b -m --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $OPTIONS + sleep 1; + if [ -n "$ifup_tun" ]; then + ifup "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifup tun0 + fi + echo "$NAME." + else + RET=1 + fi + ;; + stop) + echo -n "Stopping $DESC: " + if [ -n "$ifup_tun" ]; then + ifdown "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifdown tun0 + fi + start-stop-daemon --stop --quiet -m -o --pidfile /var/run/$NAME.pid \ + --exec $DAEMON + echo "$NAME." + ;; + restart|force-reload) + # + # If the "reload" option is implemented, move the "force-reload" + # option to the "reload" entry above. If not, "force-reload" is + # just the same as "restart". + # + echo -n "Restarting $DESC: " + if [ -n "$ifup_tun" ]; then + ifdown "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifdown tun0 + fi + start-stop-daemon --stop -m -o --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + sleep 1 + if check_start_nstxd_option; then + start-stop-daemon --start -b -m --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $NSTX_OPTIONS $NSTX_DOMAIN + sleep 1; + if [ -n "$ifup_tun" ]; then + ifup "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifup tun0 + fi + echo "$NAME." + else + RET=1 + fi + ;; + *) + N=/etc/init.d/$NAME + # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- nstx-1.1-beta6.orig/debian/nstx.nstxcd.init +++ nstx-1.1-beta6/debian/nstx.nstxcd.init @@ -0,0 +1,102 @@ +#! /bin/sh +# +# /etc/init.d/nstxcd: start and stop the nstx IP over DNS client + +PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/nstxcd +NAME=nstxcd +DESC=nstxcd + +test -x $DAEMON || exit 0 + +# Include nstx defaults if available +if [ -f /etc/default/nstx ] ; then + . /etc/default/nstx +fi + +set -e + +check_start_nstxcd_option() { + if [ ! "$start_nstxcd" = "yes" ]; then + echo "Not starting nstx client, disabled via /etc/default/nstx" + return 1 + else + return 0 + fi +} + + +case "$1" in + start) + if check_start_nstxcd_option; then + echo -n "Starting $DESC: " + start-stop-daemon --start -b -m --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON -- $NSTX_DOMAIN $NSTX_DNS_SERVER + sleep 1; + if [ -n "$ifup_tun" ]; then + ifup "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifup tun0 + fi + echo "$NAME." + else + RET=1 + fi + ;; + stop) + echo -n "Stopping $DESC: " + if [ -n "$ifup_tun" ]; then + ifdown "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifdown tun0 + fi + start-stop-daemon --stop -m -o --quiet --pidfile /var/run/$NAME.pid \ + --exec $DAEMON + echo "$NAME." + ;; + restart|force-reload) + # + # If the "reload" option is implemented, move the "force-reload" + # option to the "reload" entry above. If not, "force-reload" is + # just the same as "restart". + # + echo -n "Restarting $DESC: " + if [ -n "$ifup_tun" ]; then + ifdown "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifdown tun0 + fi + start-stop-daemon --stop -m -o --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON + sleep 1 + if check_start_nstxcd_option; then + start-stop-daemon --start -b -m --quiet --pidfile \ + /var/run/$NAME.pid --exec $DAEMON -- $NSTX_DOMAIN $NSTX_DNS_SERVER + sleep 1; + if [ -n "$ifup_tun" ]; then + ifup "$ifup_tun" + fi + # for backward compatibility + if [ "$ifup_tun0" = "yes" ]; then + ifup tun0 + fi + echo "$NAME." + else + RET=1 + fi + ;; + *) + N=/etc/init.d/$NAME + # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $N {start|stop|restart|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 --- nstx-1.1-beta6.orig/debian/control +++ nstx-1.1-beta6/debian/control @@ -0,0 +1,13 @@ +Source: nstx +Section: net +Priority: optional +Maintainer: Matthew Garrett +Build-Depends: debhelper (>= 4.1.68) +Standards-Version: 3.6.0 + +Package: nstx +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, adduser +Description: Tunnel IP over DNS + nstx allows you to pass IP packets via DNS queries. This allows you to use + standard network protocols when otherwise only DNS would be available. --- nstx-1.1-beta6.orig/debian/rules +++ nstx-1.1-beta6/debian/rules @@ -0,0 +1,100 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# GNU copyright 1997 to 1999 by Joey Hess. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + + + + +CFLAGS = -Wall -g + +ifneq (,$(findstring noopt,$(DEB_BUILD_OPTIONS))) + CFLAGS += -O0 +else + CFLAGS += -O2 +endif +ifeq (,$(findstring nostrip,$(DEB_BUILD_OPTIONS))) + INSTALL_PROGRAM += -s +endif + +configure: configure-stamp +configure-stamp: + dh_testdir + # Add here commands to configure the package. + + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + + # Add here commands to compile the package. + $(MAKE) + #/usr/bin/docbook-to-man debian/nstx.sgml > nstx.1 + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Add here commands to clean up after the build process. + -$(MAKE) clean + + dh_clean + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/nstx. + install nstxd -D $(CURDIR)/debian/nstx/usr/sbin/nstxd + install nstxcd -D $(CURDIR)/debian/nstx/usr/sbin/nstxcd + +# Build architecture-independent files here. +binary-indep: build install +# We have nothing to do by default. + +# Build architecture-dependent files here. +binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs Changelog + dh_installdocs + dh_installexamples +# dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime + dh_installinit + dh_installinit --name=nstxd + dh_installinit --name=nstxcd +# dh_installcron +# dh_installinfo + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms +# dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure --- nstx-1.1-beta6.orig/debian/nstx.manpages +++ nstx-1.1-beta6/debian/nstx.manpages @@ -0,0 +1,2 @@ +nstxd.8 +nstxcd.8 --- nstx-1.1-beta6.orig/debian/README.Debian +++ nstx-1.1-beta6/debian/README.Debian @@ -0,0 +1,43 @@ +nstx for Debian +--------------- + +This package requires the tun driver to be loaded. As a result, you need +CONFIG_TUN to be either y or m in your kernel configuration. In order to +start things automatically, you need to configure /etc/default/nstx + +Security note +------------- + +nstx includes no authentication. Anyone who knows the name of your tunnel +domain will be able to connect to the daemon. + +djbdns +------ + +nstx will allegedly not work with a djbdns server. If you want to try +it, the following patch should make it work: + +--- nstx_dns.old.c 2004-08-17 18:13:26.000000000 +0100 ++++ nstx_dns.c 2004-08-17 18:13:12.000000000 +0100 +@@ -598,9 +598,8 @@ + if (j < i) + rrp->link = j; + } +- // ptr = _skip_lbl(ptr, &remain); +- // rrp->len = ptr[8]*256+ptr[9]; +- rrp->len = ptr[10]*256+ptr[11]; ++ ptr = _skip_lbl(ptr, &remain); ++ rrp->len = ptr[8]*256+ptr[9]; + ptr += 12; + remain -= 12; + if (remain < rrp->len) + +It's not included by default because it appears to break the nstx +client with bind9 servers. To apply it: + +apt-get source nstx +cd nstx-* +patch , Thu, 27 May 2004 16:41:12 +0100 --- nstx-1.1-beta6.orig/debian/nstx.default +++ nstx-1.1-beta6/debian/nstx.default @@ -0,0 +1,25 @@ +# Defaults for nstx initscript +# sourced by /etc/init.d/nstx +# installed at /etc/default/nstx by the maintainer scripts + +# +# This is a POSIX shell fragment +# + +# The name of the domain for the tunnel - needed for client and server +NSTX_DOMAIN="" + +# The IP address of the DNS server - needed for client only +NSTX_DNS_SERVER=`grep nameserver /etc/resolv.conf |head -1|awk '{print $2}'` + +# uncomment to start nstxd on system startup +#start_nstxd=yes + +# uncomment to start nstxcd on system startup +#start_nstxcd=yes + +# uncomment to bring up tun0 automatically +#ifup_tun=tun0 + +# uncomment to tell nstx to bind to a specific interface +#NSTX_IFACE="1.2.3.4" --- nstx-1.1-beta6.orig/debian/copyright +++ nstx-1.1-beta6/debian/copyright @@ -0,0 +1,18 @@ +This package was debianized by Matthew Garrett on +Thu, 27 May 2004 16:41:12 +0100. + +It was downloaded from http://nstx.dereference.de/nstx/ + +Upstream Authors: + +Florian Heinz +Julien Oster + + +Copyright: + +nstx is released under the terms of the GNU General Public License version 2 + +On Debian systems, the complete text of the GNU General Public +License can be found in the file '/usr/share/common-licenses/GPL' + --- nstx-1.1-beta6.orig/debian/docs +++ nstx-1.1-beta6/debian/docs @@ -0,0 +1 @@ +README --- nstx-1.1-beta6.orig/nstxcd.8 +++ nstx-1.1-beta6/nstxcd.8 @@ -0,0 +1,36 @@ +.TH NSTXCD "8" "May 2004" "nstx 1.1-beta4" "User Commands" +.SH NAME +nstxcd \- IP over DNS tunneling client + +.SH SYNOPSIS +.B "nstxcd \fIDOMAIN\fR \fIIPADDRESS\fR" + +.SH DESCRIPTION +.B nstxcd +tunnels IP packets over DNS, allowing them to be sent to a server without +any protocols other than DNS being used. + +.SH OPTIONS +.B nstxcd +takes the following options: +.IP "domain" +The domain that nstxcd will send requests to. This domain must be delegated +to a machine that is running nstxd. +.IP "IP address" +The IP address of a DNS server that can be reached from the current machine. + +.SH USAGE +.Bnstxcd +should be run against a domain that has been delegated to a machine running +nstxd. It will then take any packets that are sent to the tun0 interface and +send them over DNS to the other tunnel endpoint. Responses will appear on +the tun0 interface. + +.SH AUTHORS + +.IP +Florian Heinz +.IP +Julien Oster +.IP +http://nstx.dereference.de/nstx/ --- nstx-1.1-beta6.orig/nstxd.8 +++ nstx-1.1-beta6/nstxd.8 @@ -0,0 +1,47 @@ +.TH NSTXD "7" "Mar 2005" "nstx 1.1-beta6" "User Commands" +.SH NAME +nstxd \- IP over DNS tunneling daemon + +.SH SYNOPSIS +.B "nstxd \fIOPTION\fR \fIDOMAIN\fR" + +.SH DESCRIPTION +.B nstxd +listens for well formed DNS requests and translates them into IP packets. +Responses are sent in the form of DNS replies. This allows clients to +tunnel IP packets over the DNS protocol. + +.SH OPTIONS +.B nstxd +takes the following option: +.IP \-d tun-device +Use this tun device instead of tun0 +.IP \-i ipaddr +Bind to this IP address rather than every available address +.IP \-C dir +Chroot to this directory on startup +.IP \-D +Daemonize on startup +.IP \-g +Switch on debug messages +.IP \-u user +Run as the following user +.IP "domain" +The domain that nstxd will listen to requests for. This should be a domain +that is delegated to the machine running nstxd. + +.SH USAGE +A domain should be delegated to the machine that will run nstxd. nstxd should +then be run giving that domain as the only argument. nstxd will then listen +for requests and translate them into IP packets that will appear on the tun0 +interface. Packets sent to the tun0 interface will be transferred back to +the client as DNS answers. + +.SH AUTHORS + +.IP +Florian Heinz +.IP +Julien Oster +.IP +http://nstx.dereference.de/nstx/