authormiwi <miwi@FreeBSD.org>2006-07-22 17:56:26 +0800
committermiwi <miwi@FreeBSD.org>2006-07-22 17:56:26 +0800
commit318a72d0d6af466b8fb6ed4d2bc0d1e915b0c883 (patch)
tree1d051b098c65f44d25f9f2439b95a387827b5380 /security
parent062a7651844b38f7afe65e92fef51b81e15b37f7 (diff)
Add trans-proxy-tor, transparent proxy used to redirect TCP
connections into Tor. trans-proxy-tor is a transparent proxy that uses PF to redirect TCP connections through Tor (http://tor.eff.org/). Programs that aren't aware of Tor will use it without their knowledge, and their traffic no longer leaves the system unencrypted. PR: ports/99034 Submitted by: Fabian Keil <fk at fabiankeil.de>
Diffstat (limited to 'security')
-rw-r--r--security/Makefile1
-rw-r--r--security/trans-proxy-tor/Makefile57
-rw-r--r--security/trans-proxy-tor/distinfo3
-rw-r--r--security/trans-proxy-tor/files/patch-lazy-day38
-rw-r--r--security/trans-proxy-tor/files/pkg-message.in49
-rw-r--r--security/trans-proxy-tor/files/trans-proxy-tor.in49
-rw-r--r--security/trans-proxy-tor/pkg-deinstall62
-rw-r--r--security/trans-proxy-tor/pkg-descr17
-rw-r--r--security/trans-proxy-tor/pkg-install36
-rw-r--r--security/trans-proxy-tor/pkg-plist9
10 files changed, 321 insertions, 0 deletions
diff --git a/security/Makefile b/security/Makefile
index a873c5bb1ea6..af15ece37750 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -650,6 +650,7 @@
SUBDIR += tlswrap
SUBDIR += tor
SUBDIR += tor-devel
+ SUBDIR += trans-proxy-tor
SUBDIR += trinokiller
SUBDIR += tripwire
SUBDIR += tripwire-131
diff --git a/security/trans-proxy-tor/Makefile b/security/trans-proxy-tor/Makefile
new file mode 100644
index 000000000000..a18c460dc03a
--- /dev/null
+++ b/security/trans-proxy-tor/Makefile
@@ -0,0 +1,57 @@
+# ports collection makefile for: trans-proxy-tor
+# Date created: 2006-06-11
+# Whom: Fabian Keil <fk@fabiankeil.de>
+#
+# $FreeBSD$
+#
+
+PORTNAME= trans-proxy-tor
+PORTVERSION= 0.0.9
+CATEGORIES= security net
+MASTER_SITES= http://p56soo2ibjkx23xo.onion/ \
+ http://www.fabiankeil.de/sourcecode/freebsd/
+
+MAINTAINER= fk@fabiankeil.de
+COMMENT= Transparent proxy used to redirect TCP connections into Tor
+
+RUN_DEPENDS= ${LOCALBASE}/bin/dns-proxy-tor:${PORTSDIR}/security/dns-proxy-tor \
+ ${SITE_PERL}/${PERL_ARCH}/Event/Lib.pm:${PORTSDIR}/devel/p5-Event-Lib \
+ ${LOCALBASE}/bin/tor:${PORTSDIR}/security/tor-devel
+
+USE_PERL5_RUN= yes
+USE_RC_SUBR= ${PORTNAME}
+
+SUB_FILES= pkg-message
+DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}
+
+.include <bsd.port.pre.mk>
+
+.if defined(NO_PF)
+IGNORE= requires PF
+.endif
+
+.if (${OSVERSION} < 502106)
+IGNORE= requires PF which is not available on FreeBSD versions below 5.3
+.endif
+
+do-build:
+pre-install:
+ PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+do-install:
+ ${INSTALL} ${WRKSRC}/${PORTNAME} ${PREFIX}/bin/
+
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+.for file in LICENSE README changelog filter-examples
+ ${INSTALL_MAN} ${WRKSRC}/${file} ${DOCSDIR}
+.endfor
+ ${CHOWN} -R _trans-proxy-tor:_trans-proxy-tor ${DOCSDIR}
+
+.endif
+
+post-install:
+ ${MKDIR} ${PREFIX}/var/run/${PORTNAME}
+ ${CHOWN} _trans-proxy-tor:_trans-proxy-tor ${PREFIX}/var/run/${PORTNAME}
+ @${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.post.mk>
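Review bot: The `${CHOWN} -R _trans-proxy-tor:_trans-proxy-tor ${DOCSDIR}` step in do-install hands the installed documentation, including `filter-examples`, to the account the daemon runs as. pkg-message tells administrators to base their PF configuration on those examples, so a misbehaving or compromised proxy process could rewrite text that later ends up in a firewall ruleset. Nothing visible in this Makefile needs the daemon to write to DOCSDIR, so I would drop that line and keep the docs root-owned, leaving only `${PREFIX}/var/run/${PORTNAME}` owned by the service account. As a smaller point, the script is installed with plain `${INSTALL}`; `${INSTALL_SCRIPT}` would state the intended mode and ownership explicitly.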
diff --git a/security/trans-proxy-tor/distinfo b/security/trans-proxy-tor/distinfo
new file mode 100644
index 000000000000..e8f738117246
--- /dev/null
+++ b/security/trans-proxy-tor/distinfo
@@ -0,0 +1,3 @@
+MD5 (trans-proxy-tor-0.0.9.tar.gz) = b023f2a01dbcaa4334c05a0b9903044a
+SHA256 (trans-proxy-tor-0.0.9.tar.gz) = 02bc0b1b897c57f488edeccd5bb68fd81f04ef5e8f3323af1471d74452e75697
+SIZE (trans-proxy-tor-0.0.9.tar.gz) = 25553
diff --git a/security/trans-proxy-tor/files/patch-lazy-day b/security/trans-proxy-tor/files/patch-lazy-day
new file mode 100644
index 000000000000..ef051d18ebb3
--- /dev/null
+++ b/security/trans-proxy-tor/files/patch-lazy-day
@@ -0,0 +1,38 @@
+--- trans-proxy-tor.orig Sun Jun 11 04:33:35 2006
++++ trans-proxy-tor Sun Jun 11 16:48:35 2006
+@@ -119,9 +119,20 @@
+
+ BEGIN {
+ if ($^O =~ /^(?:open|free)bsd\z/) {
+- require 'sys/ioctl.ph';
+- require 'netinet/in.ph';
+- require 'net/pfvar.ph';
++
++# These perl headers can be created on FreeBSD as well,
++# but it leads to headaches if the user compiled world
++# and kernel without IPv6 support or has incomplete headers
++# installed.
++#
++# As the port maintainer was too lazy anyway, the values
++# for PF_OUT and IPPROTO_TCP are now hard coded instead.
++# The information how to do that came from tun,
++# the creator of trans-proxy-tor.
++#
++# require 'sys/ioctl.ph';
++# require 'netinet/in.ph';
++# require 'net/pfvar.ph';
+ *_get_original_destination = \&_get_original_destination_pf;
+ if ($^O eq 'openbsd') {
+ sysopen $Pf, '/dev/pf', O_RDONLY
+@@ -159,9 +170,9 @@
+ my %pnl;
+ $pnl{$_} = 0 for @pfioc_natlook;
+
+- $pnl{direction} = PF_OUT();
++ $pnl{direction} = 2; #PF_OUT();
+ $pnl{af} = AF_INET;
+- $pnl{proto} = IPPROTO_TCP();
++ $pnl{proto} = 6; #IPPROTO_TCP();
+
+ @pnl{qw/sport saddr/} = sockaddr_in $self->{client}{sockaddr};
+ @pnl{qw/dport daddr/} = sockaddr_in getsockname $self->{client}{handle};
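Review bot: The bare literals in `$pnl{direction} = 2;` and `$pnl{proto} = 6;` are explained only by the trailing `#PF_OUT();` and `#IPPROTO_TCP();` comments, so the values the original-destination lookup depends on are now scattered magic numbers. I would name them once near the BEGIN block, for example `use constant PF_OUT => 2;`, and keep the call sites reading `$pnl{direction} = PF_OUT;`. The file's Socket import may already be able to supply IPPROTO_TCP, which is worth checking before hard-coding it. With `net/pfvar.ph` no longer loaded, the ioctl request number and the pfioc_natlook layout must also come from somewhere outside this hunk; please confirm they match the PF version on every release the port supports. Both hunks start and end inside enclosing blocks that are not fully visible here.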
diff --git a/security/trans-proxy-tor/files/pkg-message.in b/security/trans-proxy-tor/files/pkg-message.in
new file mode 100644
index 000000000000..7b8e1075874b
--- /dev/null
+++ b/security/trans-proxy-tor/files/pkg-message.in
@@ -0,0 +1,49 @@
+
+trans-proxy-tor works together with PF and requires a custom
+configuration. You probably want to use one of the example configurations
+from %%DOCSDIR%%/filter-examples.
+
+You will need to add:
+
+ cloned_interfaces="lo1"
+ ifconfig_lo1="127.0.0.2 up"
+
+to /etc/rc.conf to create and configure lo1 on boot,
+additionally add:
+
+ trans_proxy_tor_enable="YES"
+
+to start trans-proxy-tor on boot as well.
+
+Have a look at %%PREFIX%%/etc/rc.d/trans-proxy-tor
+to see the optional variables you can use.
+
+trans-proxy-tor must be able to access /dev/pf,
+adding:
+
+ own pf root:_trans-proxy-tor
+ perm pf 0660
+
+in /etc/devfs.conf will take care of that.
+
+trans-proxy-tor's README, LICENSE and changelog were copied to
+%%DOCSDIR%%.
+
+Run:
+
+ perldoc trans-proxy-tor
+
+to see how to use trans-proxy-tor without the rc file.
+
+WARNING: trans-proxy-tor's purpose can easily be defeated
+by using a broken browser configuration that allows code
+execution or saves and sends cookies behind the user's back.
+Unfortunately most browser's do that by default.
+
+If you aren't already using Privoxy, now would be a good time
+to start. Additionally you might want to use the minor improvements
+from: http://www.fabiankeil.de/sourcecode/privoxy/
+
+Note that the broken browser configuration is just an example,
+the same is true for a lot of other programs you might be using!
+
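Review bot: The devfs.conf advice `perm pf 0660` gives the `_trans-proxy-tor` group write access to /dev/pf, which is more than a destination lookup should need. The OpenBSD branch visible in patch-lazy-day opens the device with `O_RDONLY`; if the FreeBSD branch does the same (not visible on this page, please confirm), `perm pf 0640` would let the proxy query state without being able to change the firewall ruleset. The message could also say that these devfs.conf lines should be removed again when the port is deinstalled.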
diff --git a/security/trans-proxy-tor/files/trans-proxy-tor.in b/security/trans-proxy-tor/files/trans-proxy-tor.in
new file mode 100644
index 000000000000..48d78757010a
--- /dev/null
+++ b/security/trans-proxy-tor/files/trans-proxy-tor.in
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: trans-proxy-tor
+# REQUIRE: tor dns-proxy-tor
+# BEFORE: LOGIN
+#
+# Add the following lines to /etc/rc.conf to enable dns-proxy-tor
+#
+# trans_proxy_tor_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable trans-proxy-tor
+# trans_proxy_tor_user (str): trans-proxy-tor Daemon user. Default _trans-proxy-tor
+# trans_proxy_tor_group (str): trans-proxy-tor Daemon group. Default _trans-proxy-tor
+# trans_proxy_tor_bind_port (str): Set to 1112 by default.
+# trans_proxy_tor_logfile (str): Default is "/var/log/trans-proxy-tor.log". Created if necessary.
+# trans_proxy_tor_loglevel (str): Default is "info". For other values read perldoc trans-proxy-tor.
+#
+# trans_proxy_tor_socks_addr_and_port (str): Tor's IP and socks port. Default is "127.0.0.1:9050".
+
+. %%RC_SUBR%%
+
+name="trans_proxy_tor"
+rcvar=${name}_enable
+load_rc_config ${name}
+command_interpreter="/usr/bin/perl"
+
+: ${trans_proxy_tor_enable="NO"}
+: ${trans_proxy_tor_user="_trans-proxy-tor"}
+: ${trans_proxy_tor_group="_trans-proxy-tor"}
+: ${trans_proxy_tor_bind_addr="127.0.0.1"}
+: ${trans_proxy_tor_bind_port="1112"}
+: ${trans_proxy_tor_logfile="/var/log/trans-proxy-tor.log"}
+: ${trans_proxy_tor_loglevel="debug"}
+: ${trans_proxy_tor_socks_resolve="NO"}
+: ${trans_proxy_tor_socks_addr_and_port="127.0.0.1:9050"}
+: ${pidfile="%%PREFIX%%/var/run/trans-proxy-tor/trans-proxy-tor.pid"}
+
+start_precmd="if [ ! -e ${trans_proxy_tor_logfile} ]; then\
+ echo Creating ${trans_proxy_tor_logfile};\
+ touch ${trans_proxy_tor_logfile};\
+ chown ${trans_proxy_tor_user}:${trans_proxy_tor_group} ${trans_proxy_tor_logfile};\
+fi"
+
+command="%%PREFIX%%/bin/trans-proxy-tor"
+command_args="-b ${trans_proxy_tor_bind_addr}:${trans_proxy_tor_bind_port} -p ${pidfile}\
+ -v ${trans_proxy_tor_loglevel} -l ${trans_proxy_tor_logfile} -s ${trans_proxy_tor_socks_addr_and_port}"
+
+run_rc_command "$1"
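Review bot: The default `: ${trans_proxy_tor_loglevel="debug"}` contradicts the header comment, which documents the default as "info". For a proxy whose purpose is anonymity, the most verbose level is a poor default, because it presumably writes per-connection detail to /var/log/trans-proxy-tor.log. I would change the line to `: ${trans_proxy_tor_loglevel="info"}`. Two smaller mismatches in the same file: the header says the rc.conf lines enable dns-proxy-tor rather than trans-proxy-tor, and `trans_proxy_tor_socks_resolve` is given a default but never reaches `command_args`. `trans_proxy_tor_bind_addr` is used but not documented in the header.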
diff --git a/security/trans-proxy-tor/pkg-deinstall b/security/trans-proxy-tor/pkg-deinstall
new file mode 100644
index 000000000000..b42fb0aa616b
--- /dev/null
+++ b/security/trans-proxy-tor/pkg-deinstall
@@ -0,0 +1,62 @@
+#! /bin/sh
+#
+# Taken from net/cvsup-mirror
+
+PATH=/bin:/usr/sbin
+
+TRANS_PROXY_TOR_USER=_trans-proxy-tor
+TRANS_PROXY_TOR_GROUP=_trans-proxy-tor
+
+ask() {
+ local question default answer
+
+ question=$1
+ default=$2
+ if [ -z "${PACKAGE_BUILDING}" -a -z "${BATCH}" ]; then
+ read -p "${question} [${default}]? " answer
+ fi
+ if [ x${answer} = x ]; then
+ answer=${default}
+ fi
+ echo ${answer}
+}
+
+yesno() {
+ local dflt question answer
+
+ question=$1
+ dflt=$2
+ while :; do
+ answer=$(ask "${question}" "${dflt}")
+ case "${answer}" in
+ [Yy]*) return 0;;
+ [Nn]*) return 1;;
+ esac
+ echo "Please answer yes or no."
+ done
+}
+
+delete_account() {
+ local u g home
+
+ u=$1
+ g=$2
+ if yesno "Do you want me to remove group \"${g}\"" y; then
+ pw groupdel -n ${g}
+ echo "Done."
+ fi
+ if yesno "Do you want me to remove user \"${u}\"" y; then
+ eval home=~${u}
+ pw userdel -n ${u}
+ echo "Done."
+ if [ -d "${home}" ]; then
+ echo "Please remember to remove the home directory \"${home}\""
+ fi
+ fi
+}
+
+if [ x$2 != xDEINSTALL ]; then
+ exit
+fi
+
+delete_account ${TRANS_PROXY_TOR_USER} ${TRANS_PROXY_TOR_GROUP}
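Review bot: `delete_account` removes the `_trans-proxy-tor` user and group, defaulting to yes in batch mode, but never tells the administrator that pkg-message asked them to add `own pf root:_trans-proxy-tor` to /etc/devfs.conf. If that entry stays behind and the name or the fixed GID 258 is later reused, the new group could inherit access to /dev/pf. I would add a reminder after the groupdel, such as `echo "Remember to remove the pf entries for ${g} from /etc/devfs.conf."`. Separately, `[ x${answer} = x ]` in `ask` is unquoted, so a reply containing spaces breaks the test; `[ "x${answer}" = x ]` avoids that.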
diff --git a/security/trans-proxy-tor/pkg-descr b/security/trans-proxy-tor/pkg-descr
new file mode 100644
index 000000000000..e4a5750854ef
--- /dev/null
+++ b/security/trans-proxy-tor/pkg-descr
@@ -0,0 +1,17 @@
+trans-proxy-tor is a transparent proxy
+that uses PF to redirect TCP connections
+through Tor (http://tor.eff.org/).
+
+Programs that aren't aware of Tor
+will use it without their knowledge,
+and their traffic no longer leaves the
+system unencrypted.
+
+Using trans-proxy-tor makes anonymous
+net usage a lot easier, as you no longer
+have to configure every program for itself.
+
+WWW: http://http://p56soo2ibjkx23xo.onion/
+(Hidden service, only accessible through Tor)
+Author: tup <tup at mailvault.com>
+License: None (trans-proxy-tor is in the public domain)
diff --git a/security/trans-proxy-tor/pkg-install b/security/trans-proxy-tor/pkg-install
new file mode 100644
index 000000000000..be1b6d10bc64
--- /dev/null
+++ b/security/trans-proxy-tor/pkg-install
@@ -0,0 +1,36 @@
+#!/bin/sh
+# Taken from security/tor
+
+if [ x"$2" = xPRE-INSTALL ]; then
+ USER="_trans-proxy-tor"
+ UID="258"
+ GROUP="_trans-proxy-tor"
+ GID="258"
+
+ if /usr/sbin/pw groupshow "${GROUP}" 2>/dev/null; then
+ echo "You already have a group \"${GROUP}\", so I will use it."
+ else
+ if /usr/sbin/pw groupadd ${GROUP} -g ${GID}; then
+ echo "Added group \"${GROUP}\"."
+ else
+ echo "Adding group \"${GROUP}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw user show "${USER}" 2>/dev/null; then
+ echo "You already have a user \"${USER}\", so I will use it."
+ else
+ if /usr/sbin/pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
+ -d /nonexistent \
+ -s /sbin/nologin \
+ -c "dns-proxy-tor user"; then
+ echo "Added user \"${USER}\"."
+ else
+ echo "Adding user \"${USER}\" failed..."
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+fi
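Review bot: The account is created with `-c "dns-proxy-tor user"`, a leftover from the script this was copied from. It leaves the trans-proxy-tor service account mislabelled in the password database, which makes auditing harder once both ports are installed; it should read `-c "trans-proxy-tor user"`. The "You already have a user" branch also reuses an existing `_trans-proxy-tor` account without checking that its shell is /sbin/nologin or that its uid is the expected 258. A short comment stating that assumption would help, since /dev/pf access is later granted to this group. `pw groupshow` and `pw user show` redirect only stderr, so the account record is printed during installation.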
diff --git a/security/trans-proxy-tor/pkg-plist b/security/trans-proxy-tor/pkg-plist
new file mode 100644
index 000000000000..b11983cd88b1
--- /dev/null
+++ b/security/trans-proxy-tor/pkg-plist
@@ -0,0 +1,9 @@
+bin/trans-proxy-tor
+%%PORTDOCS%%%%DOCSDIR%%/LICENSE
+%%PORTDOCS%%%%DOCSDIR%%/README
+%%PORTDOCS%%%%DOCSDIR%%/changelog
+%%PORTDOCS%%%%DOCSDIR%%/filter-examples
+@dirrmtry %%PORTDOCS%%%%DOCSDIR%%
+@exec mkdir -p %D/var/run/trans-proxy-tor
+@exec chown _trans-proxy-tor:_trans-proxy-tor %D/var/run/trans-proxy-tor
+@dirrmtry var/run/trans-proxy-tor