diff --git a/fragrouter/DESCR b/fragrouter/DESCR new file mode 100644 index 0000000000..cff06b687a --- /dev/null +++ b/fragrouter/DESCR @@ -0,0 +1,6 @@ +Fragrouter is a program for routing network traffic in such a way as +to elude most network intrusion detection systems. + +The attacks implemented correspond to those listed in the Secure +Networks ``Insertion, Evasion, and Denial of Service: Eluding Network +Intrusion Detection'' paper of January, 1998. diff --git a/fragrouter/Makefile b/fragrouter/Makefile new file mode 100644 index 0000000000..2ee2a40098 --- /dev/null +++ b/fragrouter/Makefile @@ -0,0 +1,21 @@ +# $NetBSD: Makefile,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $ +# FreeBSD Id: ports/security/fragrouter/Makefile,v 1.8 2003/12/21 00:22:25 sergei Exp + +DISTNAME= fragrouter-1.6 +CATEGORIES= security +# XXX: mastersite disappeared in October 2002 +# XXX: MASTER_SITES= http://www.anzen.com/research/nidsbench/ +MASTER_SITES= ftp://ftp.freebsd.org/pub/FreeBSD/ports/distfiles/ + +MAINTAINER= packages@NetBSD.org +# XXX: HOMEPAGE= http://www.anzen.com/research/nidsbench/ +COMMENT= Tool for testing network IDS implementations + +USE_BUILDLINK3= yes +GNU_CONFIGURE= yes +CONFIGURE_ARGS+= --with-libnet=${BUILDLINK_PREFIX.libnet} +CONFIGURE_ARGS+= --with-libpcap=${BUILDLINK_PREFIX.libpcap} + +.include "../../net/libpcap/buildlink3.mk" +.include "../../devel/libnet/buildlink3.mk" +.include "../../mk/bsd.pkg.mk" diff --git a/fragrouter/PLIST b/fragrouter/PLIST new file mode 100644 index 0000000000..b8e30f253d --- /dev/null +++ b/fragrouter/PLIST @@ -0,0 +1,3 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $ +man/man8/fragrouter.8 +sbin/fragrouter diff --git a/fragrouter/TODO b/fragrouter/TODO new file mode 100644 index 0000000000..642eb062fd --- /dev/null +++ b/fragrouter/TODO @@ -0,0 +1 @@ +NetBSD 2.0 untested. diff --git a/fragrouter/distinfo b/fragrouter/distinfo new file mode 100644 index 0000000000..2228a89ed9 --- /dev/null +++ b/fragrouter/distinfo @@ -0,0 +1,10 @@ +$NetBSD: distinfo,v 1.1.1.1 2005/01/16 17:34:31 ishit Exp $ + +SHA1 (fragrouter-1.6.tar.gz) = b5fb0e9c2096c92661696686aed630bc0f20ce7e +Size (fragrouter-1.6.tar.gz) = 277726 bytes +SHA1 (patch-aa) = fd74576ec659d1d936002fb9042b53a75ccc7f66 +SHA1 (patch-ab) = 8e38dee246ac92897aa01622e9747e41358afde1 +SHA1 (patch-ac) = 8a6d106704cfa55fe7bf496d8a7b5fb0ba4d3a45 +SHA1 (patch-ad) = ebe9ff912b674a3f4ffdca2e2b340e0bcf3225ac +SHA1 (patch-ae) = 2b0d9e3898642a18c26e29a932706c5c990a52b7 +SHA1 (patch-af) = 128ce0b1043d4bcaf4bbcce4d98cb02f2aa4abf1 diff --git a/fragrouter/patches/patch-aa b/fragrouter/patches/patch-aa new file mode 100644 index 0000000000..2c011ec6f2 --- /dev/null +++ b/fragrouter/patches/patch-aa @@ -0,0 +1,29 @@ +$NetBSD: patch-aa,v 1.1.1.1 2005/01/16 17:34:32 ishit Exp $ + +--- Makefile.in.orig 1999-07-27 00:08:50.000000000 +0900 ++++ Makefile.in +@@ -22,15 +22,15 @@ INSTALL = @INSTALL@ + INSTALL_PROGRAM = @INSTALL_PROGRAM@ + INSTALL_DATA = @INSTALL_DATA@ + +-PCAPDIR = $(srcdir)/libpcap-0.4 +-PCAPINCS = -I$(PCAPDIR) +-PCAPLIBS = -L$(PCAPDIR) -lpcap +-PCAPDEP = $(PCAPDIR)/pcap.h $(PCAPDIR)/libpcap.a +- +-LNETDIR = $(srcdir)/Libnet-0.99b +-LNETINCS = -I$(LNETDIR)/include +-LNETLIBS = -L$(LNETDIR)/lib -lnet +-LNETDEP = $(LNETDIR)/include/libnet.h $(LNETDIR)/libnet.a ++PCAPDIR = ++PCAPINCS = @PCAPINC@ ++PCAPLIBS = @PCAPLIB@ ++PCAPDEP = ++ ++LNETDIR = ++LNETINCS = @LNETINC@ `$(prefix)/bin/libnet-config --defines` ++LNETLIBS = @LNETLIB@ ++LNETDEP = + + SRCS = attack.c fragrouter.c ip_frag.c list.c misc.c print.c \ + send.c sniff.c tcp_seg.c diff --git a/fragrouter/patches/patch-ab b/fragrouter/patches/patch-ab new file mode 100644 index 0000000000..1f3565cc69 --- /dev/null +++ b/fragrouter/patches/patch-ab @@ -0,0 +1,132 @@ +$NetBSD: patch-ab,v 1.1.1.1 2005/01/16 17:34:34 ishit Exp $ + +--- configure.orig 1999-07-27 00:08:51.000000000 +0900 ++++ configure +@@ -11,6 +11,10 @@ + ac_help= + ac_default_prefix=/usr/local + # Any additions from configure.in: ++ac_help="$ac_help ++ --with-libpcap=DIR use libpcap in DIR" ++ac_help="$ac_help ++ --with-libnet=DIR use libnet in DIR" + + # Initialize some variables set by options. + # The variables have the same names as the options, with +@@ -21,7 +25,7 @@ exec_prefix=NONE + host=NONE + no_create= + nonopt=NONE +-no_recursion= ++no_recursion=yes + prefix=NONE + program_prefix=NONE + program_suffix=NONE +@@ -1375,7 +1379,95 @@ fi + done + + +-subdirs="libpcap-0.4 Libnet-0.99b" ++#subdirs="libpcap-0.4 Libnet-0.99b" ++ ++ ++echo $ac_n "checking for libpcap""... $ac_c" 1>&6 ++echo "configure:1844: checking for libpcap" >&5 ++# Check whether --with-libpcap or --without-libpcap was given. ++if test "${with_libpcap+set}" = set; then ++ withval="$with_libpcap" ++ case "$withval" in ++ yes|no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++ *) ++ echo "$ac_t""$withval" 1>&6 ++ if test -f $withval/pcap.h -a -f $withval/libpcap.a; then ++ owd=`pwd` ++ if cd $withval; then withval=`pwd`; cd $owd; fi ++ PCAPINC="-I$withval -I$withval/bpf" ++ PCAPLIB="-L$withval -lpcap" ++ elif test -f $withval/include/pcap.h -a \ ++ -f $withval/include/net/bpf.h; then ++ owd=`pwd` ++ if cd $withval; then withval=`pwd`; cd $owd; fi ++ PCAPINC="-I$withval/include" ++ if test -f $withval/lib/libwpcap.a; then ++ PCAPLIB="-L$withval/lib -lwpcap" ++ else ++ PCAPLIB="-L$withval/lib -lpcap" ++ fi ++ else ++ { echo "configure: error: pcap.h" 1>&2; exit 1; } ++ fi ++ ;; ++ esac ++else ++ if test -f ${prefix}/include/pcap.h; then ++ PCAPINC="-I${prefix}/include" ++ if test -f ${prefix}/lib/libwpcap.a; then ++ PCAPLIB="-L${prefix}/lib -lwpcap" ++ else ++ PCAPLIB="-L${prefix}/lib -lpcap" ++ fi ++ elif test -f /usr/include/pcap/pcap.h; then ++ PCAPINC="-I/usr/include/pcap" ++ PCAPLIB="-lpcap" ++ elif test -f /usr/include/pcap.h; then ++ PCAPLIB="-lpcap" ++ else ++ echo "$ac_t""no" 1>&6 ++ { echo "configure: error: libpcap not found" 1>&2; exit 1; } ++ fi ++ echo "$ac_t""yes" 1>&6 ++ ++fi ++ ++ ++echo $ac_n "checking for libnet""... $ac_c" 1>&6 ++echo "configure:1897: checking for libnet" >&5 ++# Check whether --with-libnet or --without-libnet was given. ++if test "${with_libnet+set}" = set; then ++ withval="$with_libnet" ++ case "$withval" in ++ yes|no) ++ echo "$ac_t""no" 1>&6 ++ ;; ++ *) ++ echo "$ac_t""$withval" 1>&6 ++ if test -f $withval/src/libnet.a; then ++ LNETINC="-I$withval/include" ++ LNETLIB="-L$withval/src -lnet `$withval/libnet-config --libs`" ++ elif test -x $withval/bin/libnet-config; then ++ LNETINC="`$withval/bin/libnet-config --cflags`" ++ LNETLIB="`$withval/bin/libnet-config --libs`" ++ else ++ { echo "configure: error: libnet-config not found in $withval/bin" 1>&2; exit 1; } ++ fi ++ ;; ++ esac ++else ++ if test -x ${prefix}/bin/libnet-config; then ++ LNETINC="`${prefix}/bin/libnet-config --cflags`" ++ LNETLIB="`${prefix}/bin/libnet-config --libs`" ++ else ++ echo "$ac_t""no" 1>&6 ++ { echo "configure: error: libnet not found" 1>&2; exit 1; } ++ fi ++ echo "$ac_t""yes" 1>&6 ++ ++fi + + + trap '' 1 2 15 +@@ -1516,6 +1608,10 @@ s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g + s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g + s%@INSTALL_DATA@%$INSTALL_DATA%g + s%@SET_MAKE@%$SET_MAKE%g ++s%@PCAPINC@%$PCAPINC%g ++s%@PCAPLIB@%$PCAPLIB%g ++s%@LNETINC@%$LNETINC%g ++s%@LNETLIB@%$LNETLIB%g + s%@CPP@%$CPP%g + s%@subdirs@%$subdirs%g + diff --git a/fragrouter/patches/patch-ac b/fragrouter/patches/patch-ac new file mode 100644 index 0000000000..45274a3d5c --- /dev/null +++ b/fragrouter/patches/patch-ac @@ -0,0 +1,22 @@ +$NetBSD: patch-ac,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $ + +--- ip_frag.c.orig 1999-07-27 00:08:51.000000000 +0900 ++++ ip_frag.c +@@ -128,7 +128,7 @@ ELEM * + ip_frag_add_overwrite(ELEM *list) + { + ELEM *f, *new; +- u_char nulls[PACKET], *newdata; ++ u_char nulls[LIBNET_PACKET], *newdata; + int newoff, newlen; + + memset(nulls, 0, sizeof(nulls)); +@@ -152,7 +152,7 @@ ip_frag_add_overwrite(ELEM *list) + ((struct ip *)newdata)->ip_off = htons(newoff); + + /* Add null fragment after current fragment. */ +- new = list_elem(newdata, IP_H + newlen); ++ new = list_elem(newdata, LIBNET_IP_H + newlen); + free(newdata); + + if (!list_add(f, new)) diff --git a/fragrouter/patches/patch-ad b/fragrouter/patches/patch-ad new file mode 100644 index 0000000000..d40d1fa697 --- /dev/null +++ b/fragrouter/patches/patch-ad @@ -0,0 +1,36 @@ +$NetBSD: patch-ad,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $ + +--- print.c.orig 1999-07-27 00:08:51.000000000 +0900 ++++ print.c +@@ -93,7 +93,7 @@ print_ip(unsigned char *bp, int length) + + iph = (struct ip *)bp; + +- if (length < IP_H) { ++ if (length < LIBNET_IP_H) { + printf("truncated-ip %d", length); + return; + } +@@ -190,7 +190,7 @@ print_tcp(unsigned char *bp, int length) + tcph = (struct tcphdr *)(bp + (iph->ip_hl * 4)); + len = length - (iph->ip_hl * 4); + +- if (len < TCP_H) { ++ if (len < LIBNET_TCP_H) { + printf("truncated-tcp %d", len); + return; + } +@@ -227,11 +227,11 @@ print_tcp(unsigned char *bp, int length) + if (tcph->th_flags & TH_URG) printf(" urg %d", urp); + + /* Handle options. */ +- if ((tcp_hl -= TCP_H) > 0) { ++ if ((tcp_hl -= LIBNET_TCP_H) > 0) { + register const u_char *cp; + register int i, opt, len, datalen; + +- cp = (const u_char *)tcph + TCP_H; ++ cp = (const u_char *)tcph + LIBNET_TCP_H; + putchar(' '); + ch = '<'; + diff --git a/fragrouter/patches/patch-ae b/fragrouter/patches/patch-ae new file mode 100644 index 0000000000..4158bf0571 --- /dev/null +++ b/fragrouter/patches/patch-ae @@ -0,0 +1,13 @@ +$NetBSD: patch-ae,v 1.1.1.1 2005/01/16 17:34:35 ishit Exp $ + +--- sniff.c.orig 1999-07-30 22:02:35.000000000 +0900 ++++ sniff.c +@@ -55,7 +55,7 @@ int + sniff_init(char *intf, char *ebuf) + { + char *dev, filter[BUFSIZ]; +- struct link_int *llif; ++ struct libnet_link_int *llif; + struct ether_addr *llmac; + u_long llip; + u_int net, mask; diff --git a/fragrouter/patches/patch-af b/fragrouter/patches/patch-af new file mode 100644 index 0000000000..74e6ea6918 --- /dev/null +++ b/fragrouter/patches/patch-af @@ -0,0 +1,210 @@ +$NetBSD: patch-af,v 1.1.1.1 2005/01/16 17:34:40 ishit Exp $ + +--- tcp_seg.c.orig 1999-07-27 00:08:51.000000000 +0900 ++++ tcp_seg.c +@@ -101,18 +101,18 @@ tcp_seg_null_payload(ELEM *seg) + int newlen = ntohs(iph->ip_len) - (ip_hl + tcp_hl); + u_char *newdata; + +- if (!(newdata = malloc(ip_hl + TCP_H + newlen))) ++ if (!(newdata = malloc(ip_hl + LIBNET_TCP_H + newlen))) + return NULL; + + /* Whack the payload (including TCP options to elude PAWS). */ +- memcpy(newdata, seg->data, ip_hl + TCP_H); +- memset(newdata + ip_hl + TCP_H, 0, newlen); ++ memcpy(newdata, seg->data, ip_hl + LIBNET_TCP_H); ++ memset(newdata + ip_hl + LIBNET_TCP_H, 0, newlen); + + /* Correct IP length, TCP header length, TCP checksum, segment length. */ +- ((struct ip *)newdata)->ip_len = htons(ip_hl + TCP_H + newlen); +- ((struct tcphdr *)(newdata + ip_hl))->th_off = TCP_H / 4; +- libnet_do_checksum(newdata, IPPROTO_TCP, TCP_H + newlen); +- seg->len = ip_hl + TCP_H + newlen; ++ ((struct ip *)newdata)->ip_len = htons(ip_hl + LIBNET_TCP_H + newlen); ++ ((struct tcphdr *)(newdata + ip_hl))->th_off = LIBNET_TCP_H / 4; ++ libnet_do_checksum(newdata, IPPROTO_TCP, LIBNET_TCP_H + newlen); ++ seg->len = ip_hl + LIBNET_TCP_H + newlen; + + free(seg->data); + seg->data = newdata; +@@ -188,23 +188,23 @@ tcp_seg_interleave_syns(ELEM *seg) + int ip_hl = iph->ip_hl * 4; + struct tcphdr *tcph = (struct tcphdr *)(s->data + ip_hl); + +- if (!(data = malloc(ip_hl + TCP_H))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H))) + return NULL; + + /* Copy in IP header. */ + memcpy(data, s->data, ip_hl); + + /* Correct IP length, trash IP ID, TCP sequence number. */ +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H); + ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + htonl(tcph->th_seq * 2), 0, TH_SYN, ntohs(tcph->th_win), + ntohs(tcph->th_urp), NULL, 0, data + ip_hl); + +- libnet_do_checksum(data, IPPROTO_TCP, TCP_H); ++ libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H); + + /* Add it to our list of TCP packets. */ +- new = list_elem(data, ip_hl + TCP_H); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H); + free(data); + + if (!(s = list_add(s, new))) +@@ -231,34 +231,34 @@ tcp_seg_prepend_fakeclose(u_char *pkt, i + return NULL; + + /* Add our fake FIN packet. */ +- if (!(data = malloc(ip_hl + TCP_H))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H))) + return NULL; + + memcpy(data, pkt, ip_hl); +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H); + ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + ntohl(tcph->th_seq) + 1, ntohl(tcph->th_ack), + TH_FIN, 0, ntohs(tcph->th_urp), NULL, 0, data + ip_hl); + +- new = list_elem(data, ip_hl + TCP_H); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H); + free(data); + + if (!(list = list_add(list, new))) + return NULL; + + /* Add our fake RST packet. */ +- if (!(data = malloc(ip_hl + TCP_H))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H))) + return NULL; + + memcpy(data, pkt, ip_hl); +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H); + ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2 + 1; /* intentional! */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + ntohl(tcph->th_seq) + 2, ntohl(tcph->th_ack), + TH_RST, 0, ntohs(tcph->th_urp), NULL, 0, data + ip_hl); + +- new = list_elem(data, ip_hl + TCP_H); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H); + free(data); + + if (!(list = list_add(list, new))) +@@ -280,34 +280,34 @@ tcp_seg_prepend_connection(u_char *pkt, + return NULL; + + /* Add our decoy SYN packet. */ +- if (!(data = malloc(ip_hl + TCP_H))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H))) + return NULL; + + memcpy(data, pkt, ip_hl); +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H); + ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2; /* intentional! */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + ntohl(tcph->th_seq) * 2, 0, TH_SYN, ntohs(tcph->th_win), + 0, NULL, 0, data + ip_hl); +- libnet_do_checksum(data, IPPROTO_TCP, TCP_H); +- new = list_elem(data, ip_hl + TCP_H); ++ libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H); + free(data); + + if (!(list = list_add(list, new))) + return NULL; + + /* Add our decoy RST packet, in case the attacker is filtering hers. */ +- if (!(data = malloc(ip_hl + TCP_H))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H))) + return NULL; + + memcpy(data, pkt, ip_hl); +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H); + ((struct ip *)data)->ip_id = htons(iph->ip_id) * 2 + 1; /* intentional! */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + ntohl(tcph->th_seq) * 2 + 1, 0, TH_RST, ntohs(tcph->th_win), + 0, NULL, 0, data + ip_hl); +- libnet_do_checksum(data, IPPROTO_TCP, TCP_H); +- new = list_elem(data, ip_hl + TCP_H); ++ libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H); + free(data); + + if (!(list = list_add(list, new))) +@@ -335,24 +335,24 @@ tcp_seg_prepend_junk(u_char *pkt, int pk + return NULL; + + for (i = 0; i < 500 ; i++) { +- if (!(data = malloc(ip_hl + TCP_H + PACKET))) ++ if (!(data = malloc(ip_hl + LIBNET_TCP_H + LIBNET_PACKET))) + return NULL; + + /* Copy over IP header. */ + memcpy(data, pkt, ip_hl); + + /* Correct IP length, IP ID. */ +- ((struct ip *)data)->ip_len = htons(ip_hl + TCP_H + PACKET); ++ ((struct ip *)data)->ip_len = htons(ip_hl + LIBNET_TCP_H + LIBNET_PACKET); + ((struct ip *)data)->ip_id = htons(iph->ip_id + i); /* intentional! */ + + /* Add TCP header, null payload, and fix checksum. */ + libnet_build_tcp(ntohs(tcph->th_sport), ntohs(tcph->th_dport), + i, 666, TH_ACK, ntohs(tcph->th_win), + ntohs(tcph->th_urp), NULL, 0, data + ip_hl); +- memset(data + ip_hl + TCP_H, 0, PACKET); +- libnet_do_checksum(data, IPPROTO_TCP, TCP_H); ++ memset(data + ip_hl + LIBNET_TCP_H, 0, LIBNET_PACKET); ++ libnet_do_checksum(data, IPPROTO_TCP, LIBNET_TCP_H); + +- new = list_elem(data, ip_hl + TCP_H + PACKET); ++ new = list_elem(data, ip_hl + LIBNET_TCP_H + LIBNET_PACKET); + free(data); + + if (!(list = list_add(list, new))) +@@ -370,7 +370,7 @@ ELEM * + tcp_seg_interleave_overwrites(ELEM *seg) + { + ELEM *s, *new; +- u_char nulls[PACKET], *newdata; ++ u_char nulls[LIBNET_PACKET], *newdata; + u_long newseq; + int newlen; + +@@ -387,21 +387,21 @@ tcp_seg_interleave_overwrites(ELEM *seg) + newlen = (ntohs(iph->ip_len) - (ip_hl + tcp_hl)) / 2; + newseq = ntohl(tcph->th_seq) + newlen; + +- if (!(newdata = malloc(ip_hl + TCP_H + newlen))) ++ if (!(newdata = malloc(ip_hl + LIBNET_TCP_H + newlen))) + return NULL; + + /* Copy in IP, TCP headers and data. */ +- memcpy(newdata, s->data, ip_hl + TCP_H); +- memcpy(newdata + ip_hl + TCP_H, nulls, newlen); ++ memcpy(newdata, s->data, ip_hl + LIBNET_TCP_H); ++ memcpy(newdata + ip_hl + LIBNET_TCP_H, nulls, newlen); + + /* Correct IP length, TCP header length, TCP seqnum, TCP checksum. */ +- ((struct ip *)newdata)->ip_len = htons(ip_hl + TCP_H + newlen); ++ ((struct ip *)newdata)->ip_len = htons(ip_hl + LIBNET_TCP_H + newlen); + ((struct tcphdr *)(newdata + ip_hl))->th_seq = htonl(newseq); +- ((struct tcphdr *)(newdata + ip_hl))->th_off = TCP_H / 4; /* XXX - PAWS! */ +- libnet_do_checksum(newdata, IPPROTO_TCP, TCP_H + newlen); ++ ((struct tcphdr *)(newdata + ip_hl))->th_off = LIBNET_TCP_H / 4; /* XXX - PAWS! */ ++ libnet_do_checksum(newdata, IPPROTO_TCP, LIBNET_TCP_H + newlen); + + /* Add null fragment after current fragment. */ +- new = list_elem(newdata, ip_hl + TCP_H + newlen); ++ new = list_elem(newdata, ip_hl + LIBNET_TCP_H + newlen); + free(newdata); + + if (!list_add(s, new))