authorMartin Wilke <miwi@FreeBSD.org>2006-07-22 09:56:26 +0000
committerMartin Wilke <miwi@FreeBSD.org>2006-07-22 09:56:26 +0000
commit3a02664880b6dacceecc271efe51f0561a1a3ab9 (patch)
tree7020e3aa8e8e0286f1e9e1b2c39257fbfe612a5e /security/trans-proxy-tor/files
parentAdd entry for dns-proxy-tor. (diff)
Add trans-proxy-tor, transparent proxy used to redirect TCP
connections into Tor. trans-proxy-tor is a transparent proxy that uses PF to redirect TCP connections through Tor (http://tor.eff.org/). Programs that aren't aware of Tor will use it without their knowledge, and their traffic no longer leaves the system unencrypted. PR: ports/99034 Submitted by: Fabian Keil <fk at fabiankeil.de>
Notes
Notes: svn path=/head/; revision=168470
Diffstat (limited to 'security/trans-proxy-tor/files')
-rw-r--r--security/trans-proxy-tor/files/patch-lazy-day38
-rw-r--r--security/trans-proxy-tor/files/pkg-message.in49
-rw-r--r--security/trans-proxy-tor/files/trans-proxy-tor.in49
3 files changed, 136 insertions, 0 deletions
diff --git a/security/trans-proxy-tor/files/patch-lazy-day b/security/trans-proxy-tor/files/patch-lazy-day
new file mode 100644
index 000000000000..ef051d18ebb3
--- /dev/null
+++ b/security/trans-proxy-tor/files/patch-lazy-day
@@ -0,0 +1,38 @@
+--- trans-proxy-tor.orig Sun Jun 11 04:33:35 2006
++++ trans-proxy-tor Sun Jun 11 16:48:35 2006
+@@ -119,9 +119,20 @@
+
+ BEGIN {
+ if ($^O =~ /^(?:open|free)bsd\z/) {
+- require 'sys/ioctl.ph';
+- require 'netinet/in.ph';
+- require 'net/pfvar.ph';
++
++# These perl headers can be created on FreeBSD as well,
++# but it leads to headaches if the user compiled world
++# and kernel without IPv6 support or has incomplete headers
++# installed.
++#
++# As the port maintainer was too lazy anyway, the values
++# for PF_OUT and IPPROTO_TCP are now hard coded instead.
++# The information how to do that came from tun,
++# the creator of trans-proxy-tor.
++#
++# require 'sys/ioctl.ph';
++# require 'netinet/in.ph';
++# require 'net/pfvar.ph';
+ *_get_original_destination = \&_get_original_destination_pf;
+ if ($^O eq 'openbsd') {
+ sysopen $Pf, '/dev/pf', O_RDONLY
+@@ -159,9 +170,9 @@
+ my %pnl;
+ $pnl{$_} = 0 for @pfioc_natlook;
+
+- $pnl{direction} = PF_OUT();
++ $pnl{direction} = 2; #PF_OUT();
+ $pnl{af} = AF_INET;
+- $pnl{proto} = IPPROTO_TCP();
++ $pnl{proto} = 6; #IPPROTO_TCP();
+
+ @pnl{qw/sport saddr/} = sockaddr_in $self->{client}{sockaddr};
+ @pnl{qw/dport daddr/} = sockaddr_in getsockname $self->{client}{handle};
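Review bot: The literals `2` and `6` in the second inner hunk replace `PF_OUT()` and `IPPROTO_TCP()` with the names kept only as trailing comments, so nothing ties the values to the pf headers of the system the port is installed on. Defining them once beside the commented-out `require` lines, e.g. `use constant PF_OUT => 2;` and `use constant IPPROTO_TCP => 6;`, would leave both assignments unchanged and reduce the patch to a single hunk. This lookup appears to be what recovers the original destination of a redirected connection, so the comment block should also name the header the value 2 was taken from (presumably the direction enum in net/pfvar.h), so that it can be re-checked after a pf update. The sub that holds the two assignments starts and ends outside the hunk.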
diff --git a/security/trans-proxy-tor/files/pkg-message.in b/security/trans-proxy-tor/files/pkg-message.in
new file mode 100644
index 000000000000..7b8e1075874b
--- /dev/null
+++ b/security/trans-proxy-tor/files/pkg-message.in
@@ -0,0 +1,49 @@
+
+trans-proxy-tor works together with PF and requires a custom
+configuration. You probably want to use one of the example configurations
+from %%DOCSDIR%%/filter-examples.
+
+You will need to add:
+
+ cloned_interfaces="lo1"
+ ifconfig_lo1="127.0.0.2 up"
+
+to /etc/rc.conf to create and configure lo1 on boot,
+additionally add:
+
+ trans_proxy_tor_enable="YES"
+
+to start trans-proxy-tor on boot as well.
+
+Have a look at %%PREFIX%%/etc/rc.d/trans-proxy-tor
+to see the optional variables you can use.
+
+trans-proxy-tor must be able to access /dev/pf,
+adding:
+
+ own pf root:_trans-proxy-tor
+ perm pf 0660
+
+in /etc/devfs.conf will take care of that.
+
+trans-proxy-tor's README, LICENSE and changelog were copied to
+%%DOCSDIR%%.
+
+Run:
+
+ perldoc trans-proxy-tor
+
+to see how to use trans-proxy-tor without the rc file.
+
+WARNING: trans-proxy-tor's purpose can easily be defeated
+by using a broken browser configuration that allows code
+execution or saves and sends cookies behind the user's back.
+Unfortunately most browser's do that by default.
+
+If you aren't already using Privoxy, now would be a good time
+to start. Additionally you might want to use the minor improvements
+from: http://www.fabiankeil.de/sourcecode/privoxy/
+
+Note that the broken browser configuration is just an example,
+the same is true for a lot of other programs you might be using!
+
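Review bot: The devfs.conf lines `own pf root:_trans-proxy-tor` and `perm pf 0660` give the daemon's group write access to /dev/pf, which is more than a state lookup should need. The OpenBSD branch visible in patch-lazy-day opens the device with `O_RDONLY`; if the FreeBSD branch (not shown) does the same, `perm pf 0640` would likely be sufficient and would stop a compromised proxy process from opening the device for writing. The message could also say that any account placed in the `_trans-proxy-tor` group inherits this access.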
diff --git a/security/trans-proxy-tor/files/trans-proxy-tor.in b/security/trans-proxy-tor/files/trans-proxy-tor.in
new file mode 100644
index 000000000000..48d78757010a
--- /dev/null
+++ b/security/trans-proxy-tor/files/trans-proxy-tor.in
@@ -0,0 +1,49 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: trans-proxy-tor
+# REQUIRE: tor dns-proxy-tor
+# BEFORE: LOGIN
+#
+# Add the following lines to /etc/rc.conf to enable dns-proxy-tor
+#
+# trans_proxy_tor_enable (bool): Set to "NO" by default.
+# Set it to "YES" to enable trans-proxy-tor
+# trans_proxy_tor_user (str): trans-proxy-tor Daemon user. Default _trans-proxy-tor
+# trans_proxy_tor_group (str): trans-proxy-tor Daemon group. Default _trans-proxy-tor
+# trans_proxy_tor_bind_port (str): Set to 1112 by default.
+# trans_proxy_tor_logfile (str): Default is "/var/log/trans-proxy-tor.log". Created if necessary.
+# trans_proxy_tor_loglevel (str): Default is "info". For other values read perldoc trans-proxy-tor.
+#
+# trans_proxy_tor_socks_addr_and_port (str): Tor's IP and socks port. Default is "127.0.0.1:9050".
+
+. %%RC_SUBR%%
+
+name="trans_proxy_tor"
+rcvar=${name}_enable
+load_rc_config ${name}
+command_interpreter="/usr/bin/perl"
+
+: ${trans_proxy_tor_enable="NO"}
+: ${trans_proxy_tor_user="_trans-proxy-tor"}
+: ${trans_proxy_tor_group="_trans-proxy-tor"}
+: ${trans_proxy_tor_bind_addr="127.0.0.1"}
+: ${trans_proxy_tor_bind_port="1112"}
+: ${trans_proxy_tor_logfile="/var/log/trans-proxy-tor.log"}
+: ${trans_proxy_tor_loglevel="debug"}
+: ${trans_proxy_tor_socks_resolve="NO"}
+: ${trans_proxy_tor_socks_addr_and_port="127.0.0.1:9050"}
+: ${pidfile="%%PREFIX%%/var/run/trans-proxy-tor/trans-proxy-tor.pid"}
+
+start_precmd="if [ ! -e ${trans_proxy_tor_logfile} ]; then\
+ echo Creating ${trans_proxy_tor_logfile};\
+ touch ${trans_proxy_tor_logfile};\
+ chown ${trans_proxy_tor_user}:${trans_proxy_tor_group} ${trans_proxy_tor_logfile};\
+fi"
+
+command="%%PREFIX%%/bin/trans-proxy-tor"
+command_args="-b ${trans_proxy_tor_bind_addr}:${trans_proxy_tor_bind_port} -p ${pidfile}\
+ -v ${trans_proxy_tor_loglevel} -l ${trans_proxy_tor_logfile} -s ${trans_proxy_tor_socks_addr_and_port}"
+
+run_rc_command "$1"
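Review bot: The default `: ${trans_proxy_tor_loglevel="debug"}` contradicts the header comment, which documents "info". For a proxy whose purpose is anonymity, a debug log presumably records more per-connection detail than users expect; `: ${trans_proxy_tor_loglevel="info"}` would match the documentation. `start_precmd` creates the log with `touch` under root's umask, so adding `chmod 0640 ${trans_proxy_tor_logfile};\` after the `chown` line would keep it from being readable by other local users. The header also says "enable dns-proxy-tor" where trans-proxy-tor is meant and leaves `trans_proxy_tor_bind_addr` undocumented, and `trans_proxy_tor_socks_resolve` is given a default but never passed in `command_args`.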