Fragrouter is a program for routing network traffic in such a way as

to elude most network intrusion detection systems.

The attacks implemented correspond to those listed in the Secure
Networks ``Insertion, Evasion, and Denial of Service: Eluding Network
Intrusion Detection'' paper of January, 1998.

fragrouter/DESCR

@@ -0,0 +1,6 @@
+Fragrouter is a program for routing network traffic in such a way as
+to elude most network intrusion detection systems.
+
+The attacks implemented correspond to those listed in the Secure
+Networks ``Insertion, Evasion, and Denial of Service: Eluding Network
+Intrusion Detection'' paper of January, 1998.

fragrouter/Makefile

@@ -0,0 +1,21 @@
+# $NetBSD: Makefile,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $
+# FreeBSD Id: ports/security/fragrouter/Makefile,v 1.8 2003/12/21 00:22:25 sergei Exp
+
+DISTNAME=	fragrouter-1.6
+CATEGORIES=	security
+# XXX: mastersite disappeared in October 2002
+# XXX: MASTER_SITES=	http://www.anzen.com/research/nidsbench/
+MASTER_SITES=	ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/
+
+MAINTAINER=	packages@NetBSD.org
+# XXX: HOMEPAGE=	http://www.anzen.com/research/nidsbench/
+COMMENT=	Tool for testing network IDS implementations
+
+USE_BUILDLINK3=	yes
+GNU_CONFIGURE=	yes
+CONFIGURE_ARGS+=	--with-libnet=${BUILDLINK_PREFIX.libnet}
+CONFIGURE_ARGS+=	--with-libpcap=${BUILDLINK_PREFIX.libpcap}
+
+.include "../../net/libpcap/buildlink3.mk"
+.include "../../devel/libnet/buildlink3.mk"
+.include "../../mk/bsd.pkg.mk"

fragrouter/PLIST

@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $
+man/man8/fragrouter.8
+sbin/fragrouter

fragrouter/TODO

@@ -0,0 +1 @@
+NetBSD 2.0 untested.

fragrouter/distinfo

@@ -0,0 +1,10 @@
+$NetBSD: distinfo,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $
+
+SHA1 (fragrouter-1.6.tar.gz) = b5fb0e9c2096c92661696686aed630bc0f20ce7e
+Size (fragrouter-1.6.tar.gz) = 277726 bytes
+SHA1 (patch-aa) = fd74576ec659d1d936002fb9042b53a75ccc7f66
+SHA1 (patch-ab) = 8e38dee246ac92897aa01622e9747e41358afde1
+SHA1 (patch-ac) = 8a6d106704cfa55fe7bf496d8a7b5fb0ba4d3a45
+SHA1 (patch-ad) = ebe9ff912b674a3f4ffdca2e2b340e0bcf3225ac
+SHA1 (patch-ae) = 2b0d9e3898642a18c26e29a932706c5c990a52b7
+SHA1 (patch-af) = 128ce0b1043d4bcaf4bbcce4d98cb02f2aa4abf1

fragrouter/patches/patch-aa

@@ -0,0 +1,29 @@
+$NetBSD: patch-aa,v 1.1.1.1 2005/01/16 17:34:32 ishit Exp $
+
+--- Makefile.in.orig	1999-07-27 00:08:50.000000000 +0900
++++ Makefile.in
+@@ -22,15 +22,15 @@ INSTALL		= @INSTALL@
+ INSTALL_PROGRAM	= @INSTALL_PROGRAM@
+ INSTALL_DATA	= @INSTALL_DATA@
+ 
+-PCAPDIR		= $(srcdir)/libpcap-0.4
+-PCAPINCS	= -I$(PCAPDIR)
+-PCAPLIBS	= -L$(PCAPDIR) -lpcap
+-PCAPDEP		= $(PCAPDIR)/pcap.h $(PCAPDIR)/libpcap.a
+-
+-LNETDIR		= $(srcdir)/Libnet-0.99b
+-LNETINCS	= -I$(LNETDIR)/include
+-LNETLIBS	= -L$(LNETDIR)/lib -lnet
+-LNETDEP		= $(LNETDIR)/include/libnet.h $(LNETDIR)/libnet.a
++PCAPDIR		=
++PCAPINCS	= @PCAPINC@
++PCAPLIBS	= @PCAPLIB@
++PCAPDEP		=
++
++LNETDIR		=
++LNETINCS	= @LNETINC@ `$(prefix)/bin/libnet-config --defines`
++LNETLIBS	= @LNETLIB@
++LNETDEP	=
+ 
+ SRCS		= attack.c fragrouter.c ip_frag.c list.c misc.c print.c \
+ 		  send.c sniff.c tcp_seg.c

fragrouter/patches/patch-ab

@@ -0,0 +1,132 @@
+$NetBSD: patch-ab,v 1.1.1.1 2005/01/16 17:34:34 ishit Exp $
+
+--- configure.orig	1999-07-27 00:08:51.000000000 +0900
++++ configure
+@@ -11,6 +11,10 @@
+ ac_help=
+ ac_default_prefix=/usr/local
+ # Any additions from configure.in:
++ac_help="$ac_help
++  --with-libpcap=DIR      use libpcap in DIR"
++ac_help="$ac_help
++  --with-libnet=DIR      use libnet in DIR"
+ 
+ # Initialize some variables set by options.
+ # The variables have the same names as the options, with
+@@ -21,7 +25,7 @@ exec_prefix=NONE
+ host=NONE
+ no_create=
+ nonopt=NONE
+-no_recursion=
++no_recursion=yes
+ prefix=NONE
+ program_prefix=NONE
+ program_suffix=NONE
+@@ -1375,7 +1379,95 @@ fi
+ done
+ 
+ 
+-subdirs="libpcap-0.4 Libnet-0.99b"
++#subdirs="libpcap-0.4 Libnet-0.99b"
++
++
++echo $ac_n "checking for libpcap""... $ac_c" 1>&6
++echo "configure:1844: checking for libpcap" >&5
++# Check whether --with-libpcap or --without-libpcap was given.
++if test "${with_libpcap+set}" = set; then
++  withval="$with_libpcap"
++  case "$withval" in
++  yes|no)
++     echo "$ac_t""no" 1>&6
++     ;;
++  *)
++     echo "$ac_t""$withval" 1>&6
++     if test -f $withval/pcap.h -a -f $withval/libpcap.a; then
++        owd=`pwd`
++        if cd $withval; then withval=`pwd`; cd $owd; fi
++        PCAPINC="-I$withval -I$withval/bpf"
++        PCAPLIB="-L$withval -lpcap"
++     elif test -f $withval/include/pcap.h -a \
++               -f $withval/include/net/bpf.h; then
++        owd=`pwd`
++        if cd $withval; then withval=`pwd`; cd $owd; fi
++        PCAPINC="-I$withval/include"
++        if test -f $withval/lib/libwpcap.a; then
++           PCAPLIB="-L$withval/lib -lwpcap"
++        else
++           PCAPLIB="-L$withval/lib -lpcap"
++        fi
++     else
++        { echo "configure: error: pcap.h" 1>&2; exit 1; }
++     fi
++     ;;
++  esac
++else
++   if test -f ${prefix}/include/pcap.h; then
++     PCAPINC="-I${prefix}/include"
++     if test -f ${prefix}/lib/libwpcap.a; then
++        PCAPLIB="-L${prefix}/lib -lwpcap"
++     else
++        PCAPLIB="-L${prefix}/lib -lpcap"
++     fi
++  elif test -f /usr/include/pcap/pcap.h; then
++     PCAPINC="-I/usr/include/pcap"
++     PCAPLIB="-lpcap"
++  elif test -f /usr/include/pcap.h; then
++     PCAPLIB="-lpcap"
++  else
++     echo "$ac_t""no" 1>&6
++     { echo "configure: error: libpcap not found" 1>&2; exit 1; }
++  fi
++  echo "$ac_t""yes" 1>&6
++
++fi
++
++
++echo $ac_n "checking for libnet""... $ac_c" 1>&6
++echo "configure:1897: checking for libnet" >&5
++# Check whether --with-libnet or --without-libnet was given.
++if test "${with_libnet+set}" = set; then
++  withval="$with_libnet"
++  case "$withval" in
++  yes|no)
++     echo "$ac_t""no" 1>&6
++     ;;
++  *)
++     echo "$ac_t""$withval" 1>&6
++     if test -f $withval/src/libnet.a; then
++        LNETINC="-I$withval/include"
++        LNETLIB="-L$withval/src -lnet `$withval/libnet-config --libs`"
++     elif test -x $withval/bin/libnet-config; then
++        LNETINC="`$withval/bin/libnet-config --cflags`"
++        LNETLIB="`$withval/bin/libnet-config --libs`"
++     else
++        { echo "configure: error: libnet-config not found in $withval/bin" 1>&2; exit 1; }
++     fi
++     ;;
++  esac
++else
++  if test -x ${prefix}/bin/libnet-config; then
++     LNETINC="`${prefix}/bin/libnet-config --cflags`"
++     LNETLIB="`${prefix}/bin/libnet-config --libs`"
++  else
++     echo "$ac_t""no" 1>&6
++     { echo "configure: error: libnet not found" 1>&2; exit 1; }
++  fi
++  echo "$ac_t""yes" 1>&6
++
++fi
+ 
+ 
+ trap '' 1 2 15
+@@ -1516,6 +1608,10 @@ s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
+ s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g
+ s%@INSTALL_DATA@%$INSTALL_DATA%g
+ s%@SET_MAKE@%$SET_MAKE%g
++s%@PCAPINC@%$PCAPINC%g
++s%@PCAPLIB@%$PCAPLIB%g
++s%@LNETINC@%$LNETINC%g
++s%@LNETLIB@%$LNETLIB%g
+ s%@CPP@%$CPP%g
+ s%@subdirs@%$subdirs%g
+ 

fragrouter/patches/patch-ac

@@ -0,0 +1,22 @@
+$NetBSD: patch-ac,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $
+
+--- ip_frag.c.orig	1999-07-27 00:08:51.000000000 +0900
++++ ip_frag.c
+@@ -128,7 +128,7 @@ ELEM *
+ ip_frag_add_overwrite(ELEM *list)
+ {
+   ELEM *f, *new;
+-  u_char nulls[PACKET], *newdata;
++  u_char nulls[LIBNET_PACKET], *newdata;
+   int newoff, newlen;
+ 
+   memset(nulls, 0, sizeof(nulls));
+@@ -152,7 +152,7 @@ ip_frag_add_overwrite(ELEM *list)
+     ((struct ip *)newdata)->ip_off = htons(newoff);
+ 
+     /* Add null fragment after current fragment. */
+-    new = list_elem(newdata, IP_H + newlen);
++    new = list_elem(newdata, LIBNET_IP_H + newlen);
+     free(newdata);
+     
+     if (!list_add(f, new))

fragrouter/patches/patch-ad

@@ -0,0 +1,36 @@
+$NetBSD: patch-ad,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $
+
+--- print.c.orig	1999-07-27 00:08:51.000000000 +0900
++++ print.c
+@@ -93,7 +93,7 @@ print_ip(unsigned char *bp, int length)
+ 
+   iph = (struct ip *)bp;
+ 
+-  if (length < IP_H) {
++  if (length < LIBNET_IP_H) {
+     printf("truncated-ip %d", length);
+     return;
+   }
+@@ -190,7 +190,7 @@ print_tcp(unsigned char *bp, int length)
+   tcph = (struct tcphdr *)(bp + (iph->ip_hl * 4));
+   len = length - (iph->ip_hl * 4);
+ 
+-  if (len < TCP_H) {
++  if (len < LIBNET_TCP_H) {
+     printf("truncated-tcp %d", len);
+     return;
+   }
+@@ -227,11 +227,11 @@ print_tcp(unsigned char *bp, int length)
+   if (tcph->th_flags & TH_URG) printf(" urg %d", urp);
+ 
+   /* Handle options. */
+-  if ((tcp_hl -= TCP_H) > 0) {
++  if ((tcp_hl -= LIBNET_TCP_H) > 0) {
+     register const u_char *cp;
+     register int i, opt, len, datalen;
+     
+-    cp = (const u_char *)tcph + TCP_H;
++    cp = (const u_char *)tcph + LIBNET_TCP_H;
+     putchar(' ');
+     ch = '<';
+ 

fragrouter/patches/patch-ae

@@ -0,0 +1,13 @@
+$NetBSD: patch-ae,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $
+
+--- sniff.c.orig	1999-07-30 22:02:35.000000000 +0900
++++ sniff.c
+@@ -55,7 +55,7 @@ int
+ sniff_init(char *intf, char *ebuf)
+ {
+   char *dev, filter[BUFSIZ];
+-  struct link_int *llif;
++  struct libnet_link_int *llif;
+   struct ether_addr *llmac;
+   u_long llip;
+   u_int net, mask;

fragrouter/patches/patch-af

@@ -0,0 +1,210 @@
+$NetBSD: patch-af,v 1.1.1.1 2005/01/16 17:34:40 ishit Exp $
+
+--- tcp_seg.c.orig	1999-07-27 00:08:51.000000000 +0900
++++ tcp_seg.c
+@@ -101,18 +101,18 @@ tcp_seg_null_payload(ELEM *seg)
+   int newlen = ntohs(iph->ip_len) - (ip_hl + tcp_hl);
+   u_char *newdata;
+   
+-  if (!(newdata = malloc(ip_hl + TCP_H + newlen)))
++  if (!(newdata = malloc(ip_hl + LIBNET_TCP_H + newlen)))
+     return NULL;
+   
+   /* Whack the payload (including TCP options to elude PAWS). */
+-  memcpy(newdata, seg->data, ip_hl + TCP_H);
+-  memset(newdata + ip_hl + TCP_H, 0, newlen);
++  memcpy(newdata, seg->data, ip_hl + LIBNET_TCP_H);
++  memset(newdata + ip_hl + LIBNET_TCP_H, 0, newlen);
+ 
+   /* Correct IP length, TCP header length, TCP checksum, segment length. */
+-  ((struct ip *)newdata)->ip_len = htons(ip_hl + TCP_H + newlen);
+-  ((struct tcphdr *)(newdata + ip_hl))->th_off = TCP_H / 4;
+-  libnet_do_checksum(newdata, IPPROTO_TCP, TCP_H + newlen);
+-  seg->len = ip_hl + TCP_H + newlen;
++  ((struct ip *)newdata)->ip_len = htons(ip_hl + LIBNET_TCP_H + newlen);
++  ((struct tcphdr *)(newdata + ip_hl))->th_off = LIBNET_TCP_H / 4;
++  libnet_do_checksum(newdata, IPPROTO_TCP, LIBNET_TCP_H + newlen);
++  seg->len = ip_hl + LIBNET_TCP_H + newlen;
+ 
+   free(seg->data);
+   seg->data = newdata;
+@@ -188,23 +188,23 @@ tcp_seg_interleave_syns(ELEM *seg)
+     int ip_hl = iph->ip_hl * 4;
+     struct tcphdr *tcph = (struct tcphdr *)(s->data + ip_hl);
+ 
+-    if (!(data = malloc(ip_hl + TCP_H)))
++    if (!(data = malloc(ip_hl + LIBNET_TCP_H)))
+       return NULL;
+ 
+     /* Copy in IP header. */
+     memcpy(data, s->data, ip_hl);
+ 
+     /* Correct IP length, trash IP ID, TCP sequence number. */
+-    ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H);
++    ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H);
+     ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */
+     libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		     htonl(tcph->th_seq * 2), 0, TH_SYN, ntohs(tcph->th_win),
+ 		     ntohs(tcph->th_urp), NULL, 0, data + ip_hl);
+     
+-    libnet_do_checksum(data, IPPROTO_TCP, TCP_H);
++    libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H);
+ 
+     /* Add it to our list of TCP packets. */
+-    new = list_elem(data, ip_hl + TCP_H);
++    new = list_elem(data, ip_hl + LIBNET_TCP_H);
+     free(data);
+     
+     if (!(s = list_add(s, new)))
+@@ -231,34 +231,34 @@ tcp_seg_prepend_fakeclose(u_char *pkt, i
+     return NULL;
+   
+   /* Add our fake FIN packet. */
+-  if (!(data = malloc(ip_hl + TCP_H)))
++  if (!(data = malloc(ip_hl + LIBNET_TCP_H)))
+     return NULL;
+ 
+   memcpy(data, pkt, ip_hl);
+-  ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H);
++  ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H);
+   ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */
+   libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		   ntohl(tcph->th_seq) + 1, ntohl(tcph->th_ack),
+ 		   TH_FIN, 0, ntohs(tcph->th_urp), NULL, 0, data + ip_hl);
+   
+-  new = list_elem(data, ip_hl + TCP_H);
++  new = list_elem(data, ip_hl + LIBNET_TCP_H);
+   free(data);
+   
+   if (!(list = list_add(list, new)))
+     return NULL;
+ 
+   /* Add our fake RST packet. */
+-  if (!(data = malloc(ip_hl + TCP_H)))
++  if (!(data = malloc(ip_hl + LIBNET_TCP_H)))
+     return NULL;
+ 
+   memcpy(data, pkt, ip_hl);
+-  ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H);
++  ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H);
+   ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2 + 1; /* intentional! */
+   libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		   ntohl(tcph->th_seq) + 2, ntohl(tcph->th_ack),
+ 		   TH_RST, 0, ntohs(tcph->th_urp), NULL, 0, data + ip_hl);
+ 
+-  new = list_elem(data, ip_hl + TCP_H);
++  new = list_elem(data, ip_hl + LIBNET_TCP_H);
+   free(data);
+   
+   if (!(list = list_add(list, new)))
+@@ -280,34 +280,34 @@ tcp_seg_prepend_connection(u_char *pkt, 
+     return NULL;
+ 
+   /* Add our decoy SYN packet. */
+-  if (!(data = malloc(ip_hl + TCP_H)))
++  if (!(data = malloc(ip_hl + LIBNET_TCP_H)))
+     return NULL;
+ 
+   memcpy(data, pkt, ip_hl);
+-  ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H);
++  ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H);
+   ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */
+   libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		   ntohl(tcph->th_seq) * 2, 0, TH_SYN, ntohs(tcph->th_win),
+ 		   0, NULL, 0, data + ip_hl);
+-  libnet_do_checksum(data, IPPROTO_TCP, TCP_H);
+-  new = list_elem(data, ip_hl + TCP_H);
++  libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H);
++  new = list_elem(data, ip_hl + LIBNET_TCP_H);
+   free(data);
+   
+   if (!(list = list_add(list, new)))
+     return NULL;
+ 
+   /* Add our decoy RST packet, in case the attacker is filtering hers. */
+-  if (!(data = malloc(ip_hl + TCP_H)))
++  if (!(data = malloc(ip_hl + LIBNET_TCP_H)))
+     return NULL;
+ 
+   memcpy(data, pkt, ip_hl);
+-  ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H);
++  ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H);
+   ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2 + 1; /* intentional! */
+   libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		   ntohl(tcph->th_seq) * 2 + 1, 0, TH_RST, ntohs(tcph->th_win),
+ 		   0, NULL, 0, data + ip_hl);
+-  libnet_do_checksum(data, IPPROTO_TCP, TCP_H);
+-  new = list_elem(data, ip_hl + TCP_H);
++  libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H);
++  new = list_elem(data, ip_hl + LIBNET_TCP_H);
+   free(data);
+   
+   if (!(list = list_add(list, new)))
+@@ -335,24 +335,24 @@ tcp_seg_prepend_junk(u_char *pkt, int pk
+     return NULL;
+ 
+   for (i = 0; i < 500 ; i++) {
+-    if (!(data = malloc(ip_hl + TCP_H + PACKET)))
++    if (!(data = malloc(ip_hl + LIBNET_TCP_H + LIBNET_PACKET)))
+       return NULL;
+ 
+     /* Copy over IP header. */
+     memcpy(data, pkt, ip_hl);
+ 
+     /* Correct IP length, IP ID. */
+-    ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H + PACKET);
++    ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H + LIBNET_PACKET);
+     ((struct ip *)data)->ip_id = htons(iph->ip_id + i); /* intentional! */
+ 
+     /* Add TCP header, null payload, and fix checksum. */
+     libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport),
+ 		     i, 666, TH_ACK, ntohs(tcph->th_win),
+ 		     ntohs(tcph->th_urp), NULL, 0, data + ip_hl);
+-    memset(data + ip_hl + TCP_H, 0, PACKET);
+-    libnet_do_checksum(data, IPPROTO_TCP, TCP_H);
++    memset(data + ip_hl + LIBNET_TCP_H, 0, LIBNET_PACKET);
++    libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H);
+     
+-    new = list_elem(data, ip_hl + TCP_H + PACKET);
++    new = list_elem(data, ip_hl + LIBNET_TCP_H + LIBNET_PACKET);
+     free(data);
+     
+     if (!(list = list_add(list, new)))
+@@ -370,7 +370,7 @@ ELEM *
+ tcp_seg_interleave_overwrites(ELEM *seg)
+ {
+   ELEM *s, *new;
+-  u_char nulls[PACKET], *newdata;
++  u_char nulls[LIBNET_PACKET], *newdata;
+   u_long newseq;
+   int newlen;
+ 
+@@ -387,21 +387,21 @@ tcp_seg_interleave_overwrites(ELEM *seg)
+     newlen = (ntohs(iph->ip_len) - (ip_hl + tcp_hl)) / 2;
+     newseq = ntohl(tcph->th_seq) + newlen;
+ 
+-    if (!(newdata = malloc(ip_hl + TCP_H + newlen)))
++    if (!(newdata = malloc(ip_hl + LIBNET_TCP_H + newlen)))
+       return NULL;
+ 
+     /* Copy in IP, TCP headers and data. */
+-    memcpy(newdata, s->data, ip_hl + TCP_H);
+-    memcpy(newdata + ip_hl + TCP_H, nulls, newlen);
++    memcpy(newdata, s->data, ip_hl + LIBNET_TCP_H);
++    memcpy(newdata + ip_hl + LIBNET_TCP_H, nulls, newlen);
+ 
+     /* Correct IP length, TCP header length, TCP seqnum, TCP checksum. */
+-    ((struct ip *)newdata)->ip_len = htons(ip_hl + TCP_H + newlen);
++    ((struct ip *)newdata)->ip_len = htons(ip_hl + LIBNET_TCP_H + newlen);
+     ((struct tcphdr *)(newdata + ip_hl))->th_seq = htonl(newseq);
+-    ((struct tcphdr *)(newdata + ip_hl))->th_off = TCP_H / 4; /* XXX - PAWS! */
+-    libnet_do_checksum(newdata, IPPROTO_TCP, TCP_H + newlen);
++    ((struct tcphdr *)(newdata + ip_hl))->th_off = LIBNET_TCP_H / 4; /* XXX - PAWS! */
++    libnet_do_checksum(newdata, IPPROTO_TCP, LIBNET_TCP_H + newlen);
+ 
+     /* Add null fragment after current fragment. */
+-    new = list_elem(newdata, ip_hl + TCP_H + newlen);
++    new = list_elem(newdata, ip_hl + LIBNET_TCP_H + newlen);
+     free(newdata);
+     
+     if (!list_add(s, new))